/terraform-module-cts-acme-vault

Terraform module for ACME certificates to be stored in Vault, for use by Consul Terraform Sync

Primary language: HCL. License: Apache License 2.0 (Apache-2.0)

Requirements

| Name | Version |
|------|---------|
| acme | 2.6.0 |
| tls | >= 3.1 |
| vault | >= 2.24 |

Providers

| Name | Version |
|------|---------|
| acme | 2.6.0 |
| tls | 3.1.0 |
| vault | 2.24.1 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| acme_certificate.certificate | resource |
| acme_registration.reg | resource |
| tls_private_key.private_key | resource |
| vault_generic_secret.account_private_key | resource |
| vault_generic_secret.cert | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| account_email | Email address to use for the ACME account | string | n/a | yes |
| acme_url | ACME server URL | string | "https://acme-staging-v02.api.letsencrypt.org/directory" | no |
| common_name | Common name for the certificate | string | n/a | yes |
| consul_tags | List of Consul tags to filter services on | list(string) | [] | no |
| dns_challenge | The [DNS challenge](https://www.terraform.io/docs/providers/acme/r/certificate.html#using-dns-challenges) to use for fulfilling the request. | object({ config = map(string), provider = string }) | n/a | yes |
| min_days_remaining | ration of a certificate before a renewal is attempted. A value of less than 0 means that the certificate will never be renewed. | number | 30 | no |
| recursive_nameservers | The recursive nameservers that will be used to check for propagation of the challenge record. Defaults to your system-configured DNS resolvers. | list(string) | [] | no |
| services | Consul services monitored by Consul-Terraform-Sync | map(object({ id = string, name = string, kind = string, address = string, port = number, meta = map(string), tags = list(string), namespace = string, status = string, node = string, node_id = string, node_address = string, node_datacenter = string, node_tagged_addresses = map(string), node_meta = map(string), cts_user_defined_meta = map(string) })) | n/a | yes |
| subject_alternative_names | Subject Alternative Names to add to the dynamically generated ones | list(string) | [] | no |
| subject_alternative_names_base_domain | Base domain to be added to the automatically generated SANs (e.g. with a service test and base domain example.com, the SAN will be test.example.com) | string | n/a | yes |
| vault_account_private_key_path | Vault path for the generated TLS private key used for the ACME account registration | string | n/a | yes |
| vault_cert_path | Vault path where to store the certificate | string | n/a | yes |
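
An example variable file for the inputs above, added here and not taken from the module's repository. All values are constructed; the Vault mount name `secret/`, the `route53` challenge settings and the assumption that the module passes `dns_challenge.config` straight to the ACME provider are not confirmed by this page, and `services` is left out because Consul-Terraform-Sync supplies it.

```hcl
# Constructed example values; none of them come from the module's repository.
# "services" is omitted: Consul-Terraform-Sync generates that variable itself.

account_email = "pki-admin@example.com"

# The module default is the Let's Encrypt staging directory, whose certificates
# are not publicly trusted. After a clean staging run, the production directory is
#   https://acme-v02.api.letsencrypt.org/directory
acme_url = "https://acme-staging-v02.api.letsencrypt.org/directory"

common_name = "apps.example.com"

# With a monitored service named "test", the generated SAN is test.example.com.
subject_alternative_names_base_domain = "example.com"

# Extra SANs added on top of the generated ones.
subject_alternative_names = ["api.example.com"]

# Only services carrying this tag are considered (assumed tag name).
consul_tags = ["public"]

# config is map(string), so anything placed here ends up in this file and in
# Terraform state. Only a non-secret setting is listed; the route53 provider
# reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the process environment.
dns_challenge = {
  provider = "route53"
  config = {
    AWS_HOSTED_ZONE_ID = "Z0000000EXAMPLE" # constructed zone id
  }
}

# Pin the resolvers used for the propagation check instead of the system ones.
recursive_nameservers = ["1.1.1.1:53", "8.8.8.8:53"]

# Renew once fewer than 30 days remain (the module default, shown explicitly).
min_days_remaining = 30

# Separate paths let Vault policies grant certificate readers access to
# vault_cert_path without exposing the ACME account key. The key generated by
# tls_private_key is also written to Terraform state, so the state backend
# needs the same access restrictions as these paths.
vault_account_private_key_path = "secret/acme/account-key"
vault_cert_path                = "secret/acme/certs/apps.example.com"
```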

Outputs

No outputs.