unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f6d06cb319
terraform-vault/modules/vault_cluster/modules/pki_mount_only/main.tf
Ben Vincent 8070b6f66b feat: major restructuring in migration to terragrunt 
- migrate from individual terraform files to config-driven terragrunt module structure
- add vault_cluster module with config discovery system
- replace individual .tf files with centralized config.hcl
- restructure auth and secret backends as configurable modules
- move auth roles and secret backends to yaml-based configuration
- convert policies from .hcl to .yaml format, add rules/auth definition
- add pre-commit hooks for yaml formatting and file cleanup
- add terragrunt cache to gitignore
- update makefile with terragrunt commands and format target
2026-01-26 23:02:44 +11:00

38 lines
1.3 KiB
HCL
Raw Blame History

resource "vault_mount" "pki" {
path = var.path
type = "pki"
description = var.description
max_lease_ttl_seconds = var.max_lease_ttl_seconds
}
data "vault_pki_secret_backend_issuer" "issuer" {
backend = vault_mount.pki.path
issuer_ref = var.issuer_ref
}
resource "vault_pki_secret_backend_config_urls" "config_urls" {
backend = vault_mount.pki.path
issuing_certificates = var.issuing_certificates
crl_distribution_points = var.crl_distribution_points
ocsp_servers = var.ocsp_servers
enable_templating = var.enable_templating
}
resource "vault_pki_secret_backend_config_issuers" "issuers" {
count = var.default_issuer_ref != null ? 1 : 0
backend = vault_mount.pki.path
default = var.default_issuer_ref
default_follows_latest_issuer = var.default_follows_latest_issuer
}
resource "vault_pki_secret_backend_crl_config" "crl" {
backend = vault_mount.pki.path
expiry = var.crl_expiry
disable = var.crl_disable
ocsp_disable = var.ocsp_disable
auto_rebuild = var.auto_rebuild
enable_delta = var.enable_delta
delta_rebuild_interval = var.delta_rebuild_interval
}
Reference in New Issue View Git Blame Copy Permalink