Orders a private certificate secret in a Secrets Manager instance that has the private certificates engine configured

terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert

Secrets Manager Private Cert module

This module creates a private certificate in an existing Secrets Manager instance that has a configured Private Certificate Engine.

The module handles the following resource:

  • Secrets Manager private certificate

Overview

terraform-ibm-secrets-manager-private-cert

Usage

module "secrets_manager_private_certificate" {
  source  = "terraform-ibm-modules/secrets-manager-private-cert/ibm"
  version = "latest" # Replace "latest" with a release version to lock into a specific release

  cert_name             = "example-private-cert"
  cert_description      = "an example private cert"
  cert_secrets_group_id = "the secret group ID to place the cert"
  cert_template         = "name of the cert template to use"
  cert_common_name      = "example.com"

  secrets_manager_guid   = module.secrets_manager.secrets_manager_guid
  secrets_manager_region = var.region
}

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • IAM Access Groups service
      • Editor platform access
    • IAM Identity service
      • Operator platform access
    • Resource Group service
      • Viewer platform access
  • IAM Services
    • Secrets Manager service
      • Administrator platform access
      • Manager service access

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| ibm | >= 1.70.0, < 2.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| ibm_sm_private_certificate.secrets_manager_private_certificate | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cert_alt_names | Optional, Alternate names for the certificate to be created | `list(string)` | `null` | no |
| cert_common_name | Fully qualified domain name or host domain name for the certificate to be created | `string` | n/a | yes |
| cert_csr | Certificate signing request. If you don't include this parameter, the CSR that is used to generate the certificate is created internally | `string` | `null` | no |
| cert_custom_metadata | Optional, Custom metadata for the certificate to be created | `map(string)` | `{"collection_total": 1, "collection_type": "application/vnd.ibm.secrets-manager.secret+json"}` | no |
| cert_description | Optional, Extended description of the certificate to be created. To protect privacy, do not use personal data, such as name or location, as a description for the certificate | `string` | `null` | no |
| cert_ip_sans | Optional, IP Subject Alternative Names (SANs) to define for the CA certificate, in a comma-delimited list | `string` | `null` | no |
| cert_labels | Optional, Labels for the certificate to be created | `list(string)` | `[]` | no |
| cert_name | Name of the certificate to be created in Secrets Manager | `string` | n/a | yes |
| cert_other_sans | Optional, The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to define for the CA certificate. The alternative names must match the values that are specified in the 'allowed_other_sans' field in the associated certificate template | `list(string)` | `[]` | no |
| cert_rotation | Optional, Rotation policy for the certificate to be created | `object({ auto_rotate = optional(bool), interval = optional(number), unit = optional(string) })` | `{"auto_rotate": true, "interval": 12, "unit": "month"}` | no |
| cert_secrets_group_id | Optional, ID of the Secrets Manager secret group to store the certificate in | `string` | `"default"` | no |
| cert_template | Name of the certificate template to use | `string` | n/a | yes |
| cert_ttl | Optional, Time-to-live (TTL) to assign to a private certificate | `string` | `"364d"` | no |
| cert_uri_sans | Optional, URI Subject Alternative Names (SANs) to define for the CA certificate, in a comma-delimited list | `string` | `null` | no |
| cert_version_custom_metadata | Optional, Custom version metadata for the certificate to be created | `map(string)` | `{}` | no |
| exclude_cn_from_sans | Optional, Controls whether the common name is excluded from Subject Alternative Names (SANs). If set to true, the common name is not included in DNS or Email SANs if they apply | `bool` | `false` | no |
| private_key_format | Optional, Format of the generated private key | `string` | `"der"` | no |
| return_format | Optional, Format of the returned data | `string` | `"pem"` | no |
| secrets_manager_guid | Secrets Manager GUID | `string` | n/a | yes |
| secrets_manager_region | Region the Secrets Manager instance is in | `string` | n/a | yes |
| service_endpoints | Service endpoint type to communicate with the provided Secrets Manager instance. Possible values are public or private | `string` | `"public"` | no |

Outputs

| Name | Description |
|------|-------------|
| id | Private certificate Secrets Manager secret resource ID |
| secret_crn | Private certificate Secrets Manager secret CRN |
| secret_id | Private certificate Secrets Manager secret unique ID |
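The following is an added example (not the module's own Usage snippet) showing how the optional inputs above combine into a short-lived, auto-rotated certificate reached over the private endpoint, with the resulting secret consumed by CRN rather than by value. The region variable, secret group variable, template name and hostnames are assumed placeholders.

```hcl
# Added example, not part of the module README. All hostnames, the secret group
# variable and the template name are assumed placeholders.
module "secrets_manager_private_certificate" {
  source  = "terraform-ibm-modules/secrets-manager-private-cert/ibm"
  version = "X.Y.Z" # placeholder: pin to a specific release tag

  secrets_manager_guid   = module.secrets_manager.secrets_manager_guid
  secrets_manager_region = var.region
  service_endpoints      = "private" # keep API calls off the public endpoint

  cert_name             = "api-internal"
  cert_description      = "TLS server certificate for the internal API gateway"
  cert_secrets_group_id = var.api_secrets_group_id # assumed: a dedicated group, not "default"
  cert_template         = "internal-servers"       # assumed template name

  # Name the service in the SANs explicitly; the template's allowed domains
  # still bound what the CA will sign.
  cert_common_name     = "api.internal.example.com"
  cert_alt_names       = ["api.internal.example.com", "api-canary.internal.example.com"]
  exclude_cn_from_sans = false

  # Short-lived certificate: 90-day TTL rotated every 60 days, so a fresh
  # version exists well before the current one expires. With the defaults
  # (364d TTL, 12-month interval) the certificate would expire before the
  # first rotation fires.
  cert_ttl = "90d"
  cert_rotation = {
    auto_rotate = true
    interval    = 60
    unit        = "day"
  }

  return_format = "pem"
  cert_labels   = ["env:prod", "owner:platform"]
}

# Downstream resources reference the secret by CRN/ID; the key material stays
# in Secrets Manager rather than in variables or module outputs.
output "api_cert_secret_crn" {
  value = module.secrets_manager_private_certificate.secret_crn
}
```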

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.