terraform-module-cts-acme-vault
Terraform module for ACME certificates to be stored in Vault, for use by Consul Terraform Sync
No modules.
Name
Description
Type
Default
Required
account_email
Email address to use for the ACME account
string
n/a
yes
acme_url
ACME server URL
string
"https://acme-staging-v02.api.letsencrypt.org/directory"
no
common_name
Common name for the certificate
string
n/a
yes
consul_tags
List of Consul tags to filter services on
list(string)
[]
no
dns_challenge
The [DNS challenge|https://www.terraform.io/docs/providers/acme/r/certificate.html#using-dns-challenges ] to use for fulfilling the request.
object({ config = map(string) provider = string })
n/a
yes
min_days_remaining
ration of a certificate before a renewal is attempted. A value of less than 0 means that the certificate will never be renewed.
number
30
no
recursive_nameservers
The recursive nameservers that will be used to check for propagation of the challenge record. Defaults to your system-configured DNS resolvers.
list(string)
[]
no
services
Consul services monitored by Consul-Terraform-Sync
map( object({ id = string name = string kind = string address = string port = number meta = map(string) tags = list(string) namespace = string status = string node = string node_id = string node_address = string node_datacenter = string node_tagged_addresses = map(string) node_meta = map(string) cts_user_defined_meta = map(string) }) )
n/a
yes
subject_alternative_names
Subject Alternative Names to add to the dynamically generated ones
list(string)
[]
no
subject_alternative_names_base_domain
Base domain to be added to the automatically generated SANs ( e.g. with a service test
and base domain example.com, the SAN will be test.example.com)
string
n/a
yes
vault_account_private_key_path
Vault path for the generated TLS private key used for the ACME account registration
string
n/a
yes
vault_cert_path
Vault path where to store the certificate
string
n/a
yes
No outputs.