vault-ent-starter
hashicorp/vault-ent-starter/gcp
A Terraform module for provisioning an Enterprise Vault cluster (using integrated storage) as described by the HashiCorp reference architecture.
# Vault Enterprise GCP Module

This is a Terraform module for provisioning Vault Enterprise with integrated storage on GCP. By default the module sets up a cluster of 5 Vault nodes, as recommended by the Vault with Integrated Storage Reference Architecture.

## About This Module

This module implements the Vault with Integrated Storage Reference Architecture on GCP using the Enterprise version of Vault 1.8+.

## How to Use This Module

- Ensure your GCP credentials are configured correctly and have permission to use the following GCP services:
  - Cloud Resource Manager API
  - Compute Engine API
  - GCP Identity & Access Management (IAM)
  - GCP Key Management System API
  - GCP Cloud Storage
  - Google Cloud Load Balancing
  - GCP SSL Certificates
  - Secret Manager API
- To deploy without an existing VPC, u
## Inputs

| Name | Type | Description | Default |
|---|---|---|---|
| subnetwork | string | The self link of the subnetwork in which to deploy resources | required |
| user_supplied_kms_crypto_key_self_link | string | (Optional) Self link to a user-created KMS crypto key | required |
| user_supplied_kms_key_ring_self_link | string | (Optional) Self link to a user-created KMS key ring | required |
| project_id | string | GCP project in which to launch resources | required |
| resource_name_prefix | string | Prefix for naming resources | required |
| user_supplied_userdata_path | string | (Optional) File path to a custom userdata script supplied by the user | required |
| leader_tls_servername | string | One of the shared DNS SANs used to create the certificates used for mTLS | required |
| ssl_certificate_name | string | Name of the created managed SSL certificate. Required when `create_load_balancer` is true | required |
| tls_secret_id | string | Secret ID/name of the Google Secret Manager secret | required |
| vault_license_filepath | string | File path to the Vault license file | required |
| node_count | number | Number of Vault nodes to deploy | 5 |
| vault_license_name | string | The file name for the Vault license file | "vault.hclic" |
| vm_disk_type | string | VM disk type; SSD recommended | "pd-ssd" |
| location | string | Location of the KMS key ring | "global" |
| networking_healthcheck_ips | list(string) | Source IP ranges that must be allowed through the firewall for health checks; these are Google-provided ranges | ["35.191.0.0/16", "130.211.0.0/22"] |
| reserve_subnet_range | string | The IP address range reserved for the load balancer's HTTPS proxy | "10.1.0.0/16" |
| ssh_source_ranges | list(string) | The source IP address ranges from which SSH traffic will be permitted; these ran | ["35.235.240.0/20"] |
| vault_lb_health_check | string | The endpoint to check for Vault's health status | "/v1/sys/health?activecode=200&stan |
| vault_version | string | Vault version | "1.8.1" |
| vm_disk_source_image | string | VM disk source image | "projects/ubuntu-os-cloud/global/images/ |
| create_load_balancer | bool | If true, creates a private load balancer. Set to false to disable the load balan | true |
| storage_location | string | The location of the storage bucket for the Vault license | "US" |
| vm_machine_type | string | VM machine type | "n2-standard-4" |
| vm_disk_size | number | VM disk size | 500 |

A Default of `required` means the listing shows no default value. The three `user_supplied_*` inputs are described as optional, which conflicts with that column; check the module's `variables.tf` before treating them as mandatory. Several descriptions and defaults above are cut off in this listing and are left as they appear.
## Outputs

| Name | Description |
|---|---|
| lb_address | Load Balancer Address |
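A root module that wires the required inputs from the table above into a call to this module, as an added example (it is not code from the module's own examples). The project ID, region, subnetwork name, DNS name, Secret Manager secret name and file paths are placeholder assumptions, and the module version is not stated on this page, so pin one yourself before use.

```hcl
# Added example root module calling hashicorp/vault-ent-starter/gcp.
# Project ID, region, subnetwork name, DNS name, secret name and file paths
# are placeholder assumptions; replace them with your own values.

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

provider "google" {
  project = "my-vault-project" # assumption
  region  = "us-central1"      # assumption
}

# The module wants the subnetwork's self link, not its name, so resolve
# an existing subnetwork (assumed name "vault-subnet") through a data source.
data "google_compute_subnetwork" "vault" {
  name   = "vault-subnet" # assumption
  region = "us-central1"  # assumption
}

module "vault" {
  source = "hashicorp/vault-ent-starter/gcp"
  # version = "..."  # pin to a released module version; none is given on this page

  project_id           = "my-vault-project" # assumption
  resource_name_prefix = "vault"
  subnetwork           = data.google_compute_subnetwork.vault.self_link

  # One of the DNS SANs placed in the node certificates used for mTLS.
  leader_tls_servername = "vault.example.internal" # assumption

  # Secret Manager secret ID for the cluster's TLS material (assumed to exist).
  tls_secret_id = "vault-tls" # assumption

  # create_load_balancer defaults to true, which makes ssl_certificate_name required.
  create_load_balancer = true
  ssl_certificate_name = "vault-lb-cert" # assumption

  # License file shipped alongside this root module (assumed path).
  vault_license_filepath = "${path.module}/vault.hclic"
  vault_license_name     = "vault.hclic"

  # Defaults from the inputs table, restated so they are visible in code review.
  node_count      = 5
  vault_version   = "1.8.1"
  vm_machine_type = "n2-standard-4"
  vm_disk_type    = "pd-ssd"
  vm_disk_size    = 500

  # Google-provided health-check source ranges; they must stay reachable
  # or the load balancer will mark every backend unhealthy.
  networking_healthcheck_ips = ["35.191.0.0/16", "130.211.0.0/22"]

  # Default SSH source range is Google's IAP TCP-forwarding range; widen it
  # deliberately, never to 0.0.0.0/0, if SSH must originate elsewhere.
  ssh_source_ranges = ["35.235.240.0/20"]

  # The user_supplied_* inputs are marked (Optional) in the table; set them
  # only to bring your own KMS key ring / crypto key or userdata script.
  # user_supplied_kms_key_ring_self_link   = "..."
  # user_supplied_kms_crypto_key_self_link = "..."
  # user_supplied_userdata_path            = "..."
}

# Surface the module's lb_address output so the private LB address is visible
# after apply.
output "vault_lb_address" {
  value = module.vault.lb_address
}
```

Run `terraform init` followed by `terraform plan` and review the plan for the firewall rules created from `ssh_source_ranges` and `networking_healthcheck_ips` before applying; those two inputs define what can reach the Vault nodes.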