project

kiwicom/project/vault

Terraform Module HCL VAULT

Vault resources for Gitlab project.

Install

module "project" {

source = "kiwicom/project/vault"

version = "2.0.6"

}

plain text: /constructs/tfmod-kiwicom-project-vault/install.txt

⭐ Source on GitHub 📦 Registry page

README

terraform-vault-project Vault resources for Gitlab project. Runtime secrets - creates "use" and "maintainers" policies for the path kw/secret/[GITLAB_PATH]/runtime/ in this case: kw/secret/automation/granny/runtime/ with same name (eventually with -maintainers suffix for maintainer policy) - if runtime_maintainer_groups or maintainer_groups are specified they will get the runtime maintainer policy assigned - if runtime_use_groups is specified the groups will get "use" policy assigned - it usually does not make sense to assign policies here - we have special module for this - let's say the application will run in test-tom cluster in tom-based-app namespace, so we assign kw/secret/automation/granny/runtime to the namespace ``hcl module "project_automation_granny" { source = "kiwicom/project/

Inputs (13)

Name	Type	Description	Default
project_id	string	GitLab project ID	required
group_id	string	GitLab project ID	required
create_runtime	string	Should be runtime policy created	`true`
runtime_use_groups	list	Usually developers needs to access runtime secrets for development.	`[]`
runtime_maintainer_groups	list	You can have different maintainers of Runtime and CICD secrets.	`[]`
cicd_variable_prefix	string	Prefix for Gitlab CICD variables	`"TF_VAR_VAULT_ENTERPRISE_"`
main_module_switch	string	All resource creation is optional.	`true`
cicd_use_groups	list	Usually you do not want this. But you can allow some group to act as an CICD.	`[]`
cicd_maintainer_groups	list	You can have different maintainers of Runtime and CICD secrets.	`[]`
provided_roles	map	App as secrets manager	`{}`
bad_practice_cicd_static_path	string	Should be CICD policies and resources created - mostly bad practice	`false`
maintainer_groups	list	Whom to assign permissions to manage Runtime and CICD secrets	`[]`
cicd_additional_policies	list	Additional policies to assign to CICD of the project	`[]`

Outputs (3)

roles_policies

cicd_role_id

cicd_secret_id

Resources (6)

gitlab_group_variablegitlab_project_variablevault_approle_auth_backend_rolevault_approle_auth_backend_role_secret_idvault_identity_group_policiesvault_policy

Details

FrameworkTerraform Module

LanguageHCL

Version2.0.6

Cloud VAULT

Total downloads15.6k

Inputs13

Outputs3

Resources6

Namespacekiwicom

Updated

Tools

⚖ Compare with another construct → 📋 View data schema