gcp-secrets-engine

devops-rob/gcp-secrets-engine/vault

Terraform Module HCL VAULT

A Terraform module to configures HashiCorp Vault GCP secrets engine.

Install

module "gcp-secrets-engine" {

source = "devops-rob/gcp-secrets-engine/vault"

version = "0.1.2"

}

plain text: /constructs/tfmod-devops-rob-gcp-secrets-engine-vault/install.txt

⭐ Source on GitHub 📦 Registry page

README

Terraform Module: Vault GCP Secrets Engine A Terraform module to configures HashiCorp Vault GCP secrets engine. Overview This module will enable operators to implement dynamic credential provisioning for their GCP environments. GCP Requirements - A GCP project. - A GCP service account. - The service account needs the following permissions: - iam.serviceAccountKeys.create - iam.serviceAccountKeys.delete - iam.serviceAccountKeys.get - iam.serviceAccountKeys.list - iam.serviceAccounts.create - iam.serviceAccounts.delete - iam.serviceAccounts.get - resourcemanager.projects.getIamPolicy - resourcemanager.projects.setIamPolicy - A GCP credentials file for the service account. For information about Service Accounts, Permissions and Roles, refer to the Google Cloud documentation *NOTE: Credentials

Inputs (9)

Name	Type	Description	Default
gcp_credentials	string	(Optional) The GCP service account credentials in JSON format.	required
gcp_project	string	(Required) Name of the GCP project that this roleset's service account will belo	required
gcp_roleset_name	string	(Required) Name of the Roleset to create.	required
gcp_bindings	list(object({ resource = s	(Optional) Bindings to create for this roleset.	required
gcp_default_ttl	number	(Optional) Default TTL for GCP secrets backend.	`3600`
gcp_maximum_ttl	number	(Optional) Maximum TTL for GCP secrets backend.	`3600`
gcp_secret_type	string	(Optional) Type of secret generated for this role set. Accepted values: `access_	`"access_token"`
path	string	(Required) The Vault path that the GCP secrets engine should be mounted to.	`"gcp"`
gcp_token_scopes	list(string)	(Optional, Required for gcp_secret_type = `access_token`) List of OAuth scopes t	`[ "https://www.googleapis.com/auth/clo`

Outputs (1)

gcp_role_set_service_account_email

Resources (2)

vault_gcp_secret_backendvault_gcp_secret_roleset

Details

FrameworkTerraform Module

LanguageHCL

Version0.1.2

Cloud VAULT

★ Stars1

Forks3

Total downloads873

Inputs9

Outputs1

Resources2

Examples2

LicenseApache-2.0

Namespacedevops-rob

Updated

Tools

⚖ Compare with another construct → 📋 View data schema