transit-secrets-engine
devops-rob/transit-secrets-engine/vault
This module enables and configures the transit secrets engine in Vault.
# Transit Secrets Engine

## Overview

This module enables and configures the transit secrets engine in Vault.

## Example use case

Modern applications often have to handle sensitive data. This could be anything from credit card numbers to National Insurance numbers. Application developers have a duty of care to protect this data when at rest and whilst in transit. One way to protect this data is to encrypt it before it is sent to its storage location.

Cryptography can be very complicated to implement in applications, and mistakes in the implementation can be very costly for a business. Application developers can now leverage Vault to delegate encryption away from their apps and instead rely on Vault to perform the cryptographic function. Vault will manage the keys securely and rich access contro

| Name | Type | Description | Default |
|---|---|---|---|
| path | string | (Required) The path that the secrets engine will be mounted to. | "transit" |
| default_lease | number | (Optional) Default lease for all secrets engines. | 3600 |
| max_lease | number | (Optional) Maximum lease for all secrets engines. | 3600 |
| seal_wrap | bool | (Optional) Enable seal wrapping for secrets engines. | true |
| local_mount | bool | (Optional) Boolean flag that can be explicitly set to true to enforce local moun | true |
| external_entropy_access | bool | (Optional) Boolean flag that can be explicitly set to true to enable the secrets | false |
| transit_cache_size | number | (Optional) The number of cache entries. 0 means unlimited. | 0 |
| transit_keys | list(object({ name | (Optional) A list of transit key objects. | [] |