This module creates HashiCorp Vault entities and internal groups in Vault's Identity Secrets Engine.
The main module includes the following submodules:
- vault-identity-entities, which creates the entities and the aliases provided for them (see the Dependencies section of its README)
- vault-identity-groups, which creates the internal groups
Example usage of the two submodules:

```hcl
module "entities" {
  source                = "./vault-identity-entities"
  create_entity_aliases = true
  entities = [
    {
      name     = "user-1"
      policies = ["policy-1", "policy-2"]
      metadata = {
        "metadata-1" = "value-1"
        "metadata-2" = "value-2"
      }
    },
    {
      name     = "user-2"
      policies = ["policy-3", "policy-2"]
      metadata = {}
    }
  ]
  # Each alias binds an identity from the auth method mounted at auth_path to one of the entities above
  aliases = [
    {
      name      = "jwt-user-1"
      entity    = "user-1"
      auth_path = "jwt"
    },
    {
      name      = "oidc-user2"
      entity    = "user-2"
      auth_path = "oidc"
    }
  ]
}
```

```hcl
module "vault_groups" {
  source = "./modules/vault-identity-groups"
  groups = [
    {
      name              = "group1"
      type              = "internal"
      policies          = ["dbs-group-policy-1", "dbs-group-policy-2"]
      member_group_ids  = []
      # Canonical IDs that Vault assigned to the member entities (not their names)
      member_entity_ids = ["canonical-id-entity-1", "canonical-id-entity-2"]
      metadata = {
        "metadata-1" = "value"
        "metadata-2" = "value"
      }
    }
  ]
}
```

Requirements:

| Name | Version |
|---|---|
| terraform | >= 0.12 |

Providers:

| Name | Version |
|---|---|
| vault | n/a |

Inputs:

| Name | Description | Type | Default |
|---|---|---|---|
| create_vault_entity_aliases | n/a | bool | false |
| vault_aliases_objects | List of objects, each matching an alias to an entity and an auth path | list(object({ | [] |
| vault_endpoint | Vault endpoint | string | "http://127.0.0.1:8200" |
| vault_entity_objects | List of objects, one per Vault identity entity | list(object({ | [] |
| vault_group_objects | List of objects, one per Vault identity group | list(object({ | [] |

Outputs:

| Name | Description |
|---|---|
| vault_identity_entities | Map of the Vault entities created |
| vault_identity_entity_alias | Map of the Vault entity aliases created, with their relevant info |
| vault_identity_groups | List of maps with the relevant info for the Vault groups created |
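A pre-apply consistency check over the entity, alias and group objects passed to the submodules above, as an added example (Python, not part of this module): it flags an alias that refers to an undefined entity, duplicate alias/auth-path pairs, a group that is not `internal`, and any entity or group that would be granted the `root` policy. The object shapes and sample values mirror the examples above; the unknown entity `user-3` is a deliberate, constructed mistake.

```python
"""Pre-apply consistency checks for the entity, alias and group objects this module
consumes. Added example, not part of the module; object shapes mirror the README."""

DISALLOWED_POLICIES = {"root"}  # never attach root via identity entities or groups

def lint_identity_config(entities, aliases, groups):
    """Return a list of (severity, message) findings; an empty list means consistent."""
    findings = []
    names = [e["name"] for e in entities]
    for n in sorted({n for n in names if names.count(n) > 1}):
        findings.append(("error", f"entity name '{n}' defined more than once"))
    known = set(names)

    seen = set()  # (alias name, auth mount) pairs; a duplicate collides on the same mount
    for a in aliases:
        if a["entity"] not in known:  # alias would have no entity to bind to
            findings.append(("error", f"alias '{a['name']}' refers to unknown entity '{a['entity']}'"))
        key = (a["name"], a["auth_path"])
        if key in seen:
            findings.append(("error", f"duplicate alias {key}"))
        seen.add(key)

    for kind, objs in (("entity", entities), ("group", groups)):
        for o in objs:
            bad = DISALLOWED_POLICIES & set(o.get("policies", []))
            if bad:
                findings.append(("error", f"{kind} '{o['name']}' grants disallowed policy {sorted(bad)}"))

    for g in groups:  # this module only manages internal groups
        if g.get("type") != "internal":
            findings.append(("error", f"group '{g['name']}' must be type 'internal'"))
    return findings

# Constructed sample mirroring the README examples, with one deliberate typo in an alias.
ENTITIES = [
    {"name": "user-1", "policies": ["policy-1", "policy-2"], "metadata": {"metadata-1": "value-1"}},
    {"name": "user-2", "policies": ["policy-3", "policy-2"], "metadata": {}},
]
ALIASES = [
    {"name": "jwt-user-1", "entity": "user-1", "auth_path": "jwt"},
    {"name": "oidc-user2", "entity": "user-3", "auth_path": "oidc"},  # user-3 is not defined
]
GROUPS = [{"name": "group1", "type": "internal", "policies": ["dbs-group-policy-1"],
           "member_group_ids": [], "member_entity_ids": ["canonical-id-entity-1"], "metadata": {}}]

if __name__ == "__main__":
    for severity, msg in lint_identity_config(ENTITIES, ALIASES, GROUPS):
        print(f"[{severity}] {msg}")
```

Run it against the `.tfvars` values before `terraform apply`; a non-empty result means the plan would create dangling aliases or over-privileged identities.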