postgres-nia

joatmon08/postgres-nia/vault

Terraform Module HCL VAULT

Consul-Terraform-Sync compatible module for synchronizing Consul service to Vault database secrets engine

Install

module "postgres-nia" {

source = "joatmon08/postgres-nia/vault"

version = "0.0.1"

}

plain text: /constructs/tfmod-joatmon08-postgres-nia-vault/install.txt

⭐ Source on GitHub 📦 Registry page

README

terraform-vault-database-nia Consul-Terraform-Sync compatible module for synchronizing Consul service to the PostgreSQL database secrets engine for Vault. > Note: This scopes the creation of a single database service to unique secrets engine path. > Mapping the database service to its own secrets engine path ensures that you can scope > Vault roles and authentication to the specific credential you need. This module configures: - Database secrets engine backend - Database secrets engine connection - Database secrets engine role - (Optional) Kubernetes authentication method role You can separately configure a different authentication method. Requirements | Name | Version | |------|---------| | vault | >= 3.6.0 | Providers | Name | Version | |------|---------| | vault | 3.6.0 | Modules No mod

Inputs (16)

Name	Type	Description	Default
postgres_username	string	Administrative username for PostgreSQL	required
name	string	Name of database connection and role to configure in Vault	required
postgres_database_name	string	Database to access for PostgreSQL	required
services	map( object({ id	Consul services monitored by Consul-Terraform-Sync	required
postgres_password	string	Administrative password for PostgreSQL	required
bound_service_account_names	list(string)	If set, set up Kubernetes auth method with specific service accounts.	`[]`
allowed_roles	list(string)	List of allowed roles for database connection in Vault	`[ "*" ]`
role_name	string	Name of role to configure in Vault if not the same as database connection.	`""`
database_path	string	Path to database secrets engine in Vault	`"database"`
revocation_statements	list(string)	List of revocation statements to create user in PostgreSQL	`[ "ALTER ROLE \"{{name}}\" NOLOGIN;" ]`
default_ttl	number	Default TTL for database credentials	`3600`
max_ttl	number	Max TTL for database credentials	`3600`
vault_kubernetes_auth_path	string	If set, set up Kubernetes auth method.	`""`
creation_statements	list(string)	List of creation statements to create user in PostgreSQL	`[ "CREATE ROLE \"{{name}}\" WITH LOGIN`
additional_connection_string_arguments	string	Additional connection string arguments for database connection in Vault	`"sslmode=disable"`
bound_service_account_namespaces	list(string)	If set, set up Kubernetes auth method with specific namespaces.	`[]`

Outputs (3)

vault_mount_path

vault_role

vault_policy

Resources (5)

vault_database_secret_backend_connectionvault_database_secret_backend_rolevault_kubernetes_auth_backend_rolevault_mountvault_policy

Details

FrameworkTerraform Module

LanguageHCL

Version0.0.1

Cloud VAULT

Total downloads1.0k

Inputs16

Outputs3

Resources5

Namespacejoatmon08

Updated

Tools

⚖ Compare with another construct → 📋 View data schema