consul-secrets-engine
devops-rob/consul-secrets-engine/vault
This module enables and configures the Consul secrets engine.
Consul example

Overview

This module enables and configures the Consul secrets engine.

Example use case

There are instances where an application may need to read or update Consul components, for example key/value data in the KV store, in an ACL-enabled Consul cluster. In these scenarios, developers will need to provide the application with a Consul ACL token. To reduce the attack surface of the application, developers can leverage Vault to dynamically provision Consul ACL tokens when an application requires access, and clean the token up when its TTL expires. This module can be used to enable and configure the Consul secrets engine for developers to leverage as discussed above.

Consul Requirements

Vault will require a Consul ACL token to authenticate with Consul. To enable the ACL
| Name | Type | Description | Default |
|---|---|---|---|
| consul_token | string | (Required) The Consul ACL token. | required |
| consul_backend_role_name | string | (Required) Name for the Consul role. | required |
| consul_policies | list(string) | (Optional) List of Consul policies that will be attached to generated ACL tokens. | required |
| consul_default_lease | number | (Optional) Default lease for Consul secrets engine. | 3600 |
| consul_local_token | bool | (Optional) Specify if Consul ACL token should be kept locally. | false |
| consul_token_type | string | (Optional) Consul token type. | "Client" |
| path | string | (Required) The path that the secrets engine will be mounted to. | "consul" |
| consul_address | string | (Optional) The address of the Consul server. | "localhost:8500" |
| consul_use_https | bool | (Optional) Use HTTPS to connect to Consul. | true |
| consul_max_lease | number | (Optional) Maximum lease for Consul secrets engine. | 3600 |
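
An added example of calling the module with the inputs listed above (not taken from the module's own documentation). The variable name `consul_bootstrap_token`, the Consul address, the role name and the policy name are constructed placeholders.

```hcl
# Added example: root module that calls devops-rob/consul-secrets-engine/vault.
# All values below are constructed placeholders.

# The Vault provider reads VAULT_ADDR and VAULT_TOKEN from the environment.
provider "vault" {}

# Hypothetical variable name. Supply the value through the
# TF_VAR_consul_bootstrap_token environment variable or a secrets-aware
# CI variable, not a committed .tfvars file.
variable "consul_bootstrap_token" {
  type        = string
  sensitive   = true # redacts plan/apply output only; the value is still written to state
  description = "Consul ACL token that Vault uses to authenticate with Consul."
}

module "consul_secrets_engine" {
  source = "devops-rob/consul-secrets-engine/vault"
  # Pin a module version here in real use.

  # Mount point and connection to Consul
  path             = "consul"
  consul_address   = "consul.example.internal:8501" # constructed address
  consul_use_https = true
  consul_token     = var.consul_bootstrap_token

  # Role that applications request tokens from, scoped to a narrow policy
  consul_backend_role_name = "app-kv-reader"  # constructed role name
  consul_policies          = ["kv-read-only"] # constructed; must already exist in Consul

  # Default lease shorter than the module default of 3600, capped at the default maximum
  consul_default_lease = 900
  consul_max_lease     = 3600
}
```

With this configuration an application requests a token by reading `consul/creds/app-kv-reader` in Vault. Because the Consul token passed in `consul_token` ends up in Terraform state, keep state in an encrypted backend with restricted access.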