approle
devops-rob/approle/vault
The Vault AppRole Terraform module configures HashiCorp Vault AppRoles and associated policies for machines or applications to authenticate against Vault.
# Vault AppRole Terraform module

For more information on AppRole, refer to the documentation.

## Prerequisites

This module requires the AppRole auth method to be enabled and configured at a path of your choice.

## Usage

This module supports the creation of Vault policies written in HCL and JSON. These policies can be stored in any location on the machine running the `terraform apply`. By default, the module will look in the current working directory for any policy files. This can be changed by setting the `policies_path` variable to the absolute path of your Vault policy files. The module will write these policies into Vault. The module also provide

| Name | Type | Description | Default |
|---|---|---|---|
| approle_name | string | (Required) The name of the AppRole. | required |
| secret_id_bound_cidrs | list(string) | (Optional) If set, specifies blocks of IP addresses which can perform the login | required |
| secret_id_ttl | number | (Optional) The number of seconds after which any SecretID expires. | required |
| token_explicit_max_ttl | number | (Optional) If set, will encode an explicit max TTL onto the token in number of s | required |
| role_id | string | (Optional) The RoleID of this role. If not specified, one will be auto-generated | required |
| approle_backend_path | string | (Optional) The unique name of the auth backend to configure. Defaults to `approl | required |
| token_num_uses | number | (Optional) The period, if any, in number of seconds to set on the token. | required |
| token_bound_cidrs | list(string) | (Optional) List of CIDR blocks; if set, specifies blocks of IP addresses which c | required |
| token_max_ttl | number | (Optional) The maximum lifetime for generated tokens in number of seconds. Its c | required |
| token_period | number | (Optional) If set, indicates that the token generated using this role should nev | required |
| token_ttl | number | (Optional) The maximum lifetime for generated tokens in number of seconds. Its c | required |
| policies_path | string | (Optional) The absolute path to directory containing Vault policies. If not set, | "" |
| bind_secret_id | bool | (Optional) Whether or not to require `secret_id` to be presented when logging in | true |
| token_type | string | (Optional) The type of token that should be generated. Can be service, batch, or | "service" |
| secret_id_num_uses | number | (Optional) The number of times any particular SecretID can be used to fetch a to | 3600 |
| token_no_default_policy | bool | (Optional) If set, the default policy will not be set on generated tokens; other | false |
| additional_policies | list(string) | (Optional) A list of any additional policies to add to the AppRole. These polici | [] |
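
A least-privilege call to this module using the inputs in the table above, added here as an illustration and not taken from the module's own README. The module label, role name, CIDR range, TTL values and policy directory are constructed; it assumes the AppRole auth method is already enabled at `approle` and that the module passes `null` through to Vault as "unset".

```hcl
# Vault provider credentials (VAULT_ADDR, VAULT_TOKEN) are configured elsewhere.
module "payments_approle" {
  source = "devops-rob/approle/vault"

  approle_name         = "payments-api" # constructed name
  approle_backend_path = "approle"      # mount enabled beforehand (see Prerequisites)
  role_id              = null           # assumption: null lets Vault generate the RoleID

  # SecretID: required at login, short-lived, single-use, network-restricted.
  # Assumes a trusted deployer hands the workload a fresh SecretID per login.
  bind_secret_id        = true
  secret_id_ttl         = 600 # seconds
  secret_id_num_uses    = 1
  secret_id_bound_cidrs = ["10.20.30.0/24"] # constructed workload subnet

  # Token: bounded lifetime, usable only from the same subnet.
  token_type             = "service"
  token_ttl              = 900  # seconds
  token_max_ttl          = 3600 # seconds
  token_explicit_max_ttl = 3600 # hard ceiling that renewals cannot pass
  token_period           = null # not a periodic (never-expiring) token
  token_num_uses         = 0    # Vault treats 0 as no use limit
  token_bound_cidrs      = ["10.20.30.0/24"]

  # Only the policies this role needs; skip Vault's "default" policy.
  token_no_default_policy = true
  policies_path           = abspath("${path.root}/policies") # constructed directory
}
```

With `token_no_default_policy = true`, the token can do only what the policies under `policies_path` grant, so include token self-lookup or renewal paths there if the workload relies on them.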