6425857776
Signed-off-by: Magic_RB <magic_rb@redalder.org>
# PKI secrets engine that backs the internal CA for "in.redalder.org".
# Other resources in this file reference the mount through
# vault_mount.pki-inra.path rather than repeating the literal "pki-inra".
resource "vault_mount" "pki-inra" {
  type        = "pki"
  path        = "pki-inra"
  description = "in.redalder.org"

  # Lease TTLs for the mount, in seconds: 8640000 s = 100 days. The max value
  # is the mount-level ceiling that PKI roles on this mount are bounded by;
  # the default applies when a role does not set its own TTL.
  max_lease_ttl_seconds     = 8640000
  default_lease_ttl_seconds = 8640000
}
# Policy whose holder may write the CA material of the "pki-inra" mount via
# its config/ca endpoint (the endpoint that accepts the CA's PEM bundle, which
# can include the CA private key). A token carrying this policy therefore has
# CA-operator level access to this mount: it is meant for the one process that
# installs the CA, not for ordinary certificate requesters.
resource "vault_policy" "pki-inra-update" {
  name = "pki-inra-update"

  # The path is interpolated from the mount resource so it follows a rename
  # of the mount's path. Only "update" is granted: no read, list, or delete,
  # and no access to any other path on the mount.
  policy = <<EOF
path "${vault_mount.pki-inra.path}/config/ca" {
capabilities = ["update"]
}
EOF
}
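# URLs stamped into every certificate issued by the "pki-inra" mount: the AIA
# caIssuers pointer and the CRL distribution point. Both are derived from the
# mount's own path so they cannot drift from it. The previous hard-coded
# values ("/v1/pki/ca" and "/v1/pki_int/crl") named mounts other than the
# "pki-inra" backend this resource configures (they appear to be carried over
# from a provider example), so a client following the AIA or CRL pointer of a
# certificate issued here would have reached a different mount and revocation
# checking could not have succeeded.
resource "vault_pki_secret_backend_config_urls" "example" {
  backend = vault_mount.pki-inra.path

  # Where relying parties fetch the issuing CA certificate of this mount.
  issuing_certificates = [
    "https://vault.in.redalder.org:8200/v1/${vault_mount.pki-inra.path}/ca",
  ]

  # Where relying parties fetch the CRL for certificates issued by this mount.
  crl_distribution_points = [
    "https://vault.in.redalder.org:8200/v1/${vault_mount.pki-inra.path}/crl",
  ]
}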
# Issuing role on the "pki-inra" mount for hosts under test.in.redalder.org.
resource "vault_pki_secret_backend_role" "test_role" {
  name    = "test_role"
  backend = vault_mount.pki-inra.path

  # Certificates issued through this role are valid for one hour (3600 s);
  # the mount's lease TTLs still bound this value.
  ttl = 3600

  # Key material for issued certificates: 4096-bit RSA.
  key_type = "rsa"
  key_bits = 4096

  # Name constraints. IP SANs are permitted without further restriction here.
  # NOTE(review): with allow_subdomains = false and allow_bare_domains left at
  # its default, it is not clear from this file which DNS names the role can
  # actually issue for — confirm against the Vault version in use before
  # relying on the domain restriction.
  allowed_domains  = ["test.in.redalder.org"]
  allow_subdomains = false
  allow_ip_sans    = true
}