- migrate from individual terraform files to config-driven terragrunt module structure - add vault_cluster module with config discovery system - replace individual .tf files with centralized config.hcl - restructure auth and secret backends as configurable modules - move auth roles and secret backends to yaml-based configuration - convert policies from .hcl to .yaml format, add rules/auth definition - add pre-commit hooks for yaml formatting and file cleanup - add terragrunt cache to gitignore - update makefile with terragrunt commands and format target
variable "path" {
|
|
description = "Mount path of the PKI secrets engine"
|
|
type = string
|
|
}
|
|
|
|
variable "description" {
|
|
description = "Human-friendly description of the mount"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "max_lease_ttl_seconds" {
|
|
description = "Maximum lease TTL in seconds"
|
|
type = number
|
|
default = 315360000 # 87600 * 3600
|
|
}
|
|
|
|
variable "common_name" {
|
|
description = "Common name for the root certificate"
|
|
type = string
|
|
}
|
|
|
|
variable "issuer_name" {
|
|
description = "Name for the root CA issuer"
|
|
type = string
|
|
}
|
|
|
|
variable "ttl" {
|
|
description = "TTL for the root certificate in seconds"
|
|
type = number
|
|
default = 315360000 # 87600 * 3600
|
|
}
|
|
|
|
variable "format" {
|
|
description = "Format for the certificate"
|
|
type = string
|
|
default = "pem"
|
|
}
|
|
|
|
variable "issuing_certificates" {
|
|
description = "List of issuing certificate URLs"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "crl_distribution_points" {
|
|
description = "List of CRL distribution point URLs"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "ocsp_servers" {
|
|
description = "List of OCSP server URLs"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "enable_templating" {
|
|
description = "Whether to enable templating for URL configuration"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "default_issuer_ref" {
|
|
description = "Reference to the default issuer"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "default_follows_latest_issuer" {
|
|
description = "Whether the default issuer should follow the latest issuer"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "crl_expiry" {
|
|
description = "CRL expiration time"
|
|
type = string
|
|
default = "72h"
|
|
}
|
|
|
|
variable "crl_disable" {
|
|
description = "Whether to disable CRL"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "ocsp_disable" {
|
|
description = "Whether to disable OCSP"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "auto_rebuild" {
|
|
description = "Whether to auto-rebuild CRL"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "enable_delta" {
|
|
description = "Whether to enable delta CRL"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "delta_rebuild_interval" {
|
|
description = "Delta CRL rebuild interval"
|
|
type = string
|
|
default = null
|
|
} |
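Review bot: `format` (the block that defaults to `"pem"`) accepts any string, so a typo such as `"PEM"` or `"pem-bundle"` is only caught at apply time by the Vault API; a `validation` block pinning it to the values the PKI root-cert resource accepts fails fast at plan time. The same pattern would suit `ttl` and `max_lease_ttl_seconds`, whose shared 10-year default is only commented as `# 87600 * 3600` — a `validation` requiring a positive number, plus a note in the description that Vault caps the root certificate TTL at the mount's max lease TTL, would make the coupling explicit. `enable_delta` and `auto_rebuild` are independent booleans with no hint in their descriptions that delta CRLs presumably depend on auto-rebuild being enabled; worth confirming against the Vault docs and recording in the description. Also note `ttl` is typed `number` (seconds) while `crl_expiry` and `delta_rebuild_interval` are duration strings like `"72h"`; if the mix is intentional, the descriptions should say so.
```hcl
variable "format" {
  description = "Format for the certificate (pem, der or pem_bundle)"
  type        = string
  default     = "pem"

  validation {
    condition     = contains(["pem", "der", "pem_bundle"], var.format)
    error_message = "format must be one of: pem, der, pem_bundle."
  }
}
# … unchanged: remaining variable blocks …
```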