hashicorp/terraform-provider-vault

[Enhancement]: Allow setting not_after for vault_pki_secret_backend_root_cert

mitsutaka opened this issue · 0 comments

mitsutaka commented

Description

Generating a new certificate of the vault API allows specifying the not_after to set the absolute end date instead of ttl. The documentation for the vault_pki_secret_backend_root_cert resource, this parameter can't currently be set when generating a new certificate in Terraform.

Affected Resource(s) and/or Data Source(s)

  • resource_vault_pki_secret_backend_root_cert

Potential Terraform Configuration

resource "vault_pki_secret_backend_root_cert" "ca" {
  backend  = vault_mount.pki.path
  
  ...

  not_after = "2025-01-01T00:00:00Z"
}

References

https://developer.hashicorp.com/vault/api-docs/secret/pki#not_after

Would you like to implement a fix?

None