» vault_identity_group
Creates an Identity Group for Vault. The Identity secrets engine is the identity management solution for Vault.
A group can contain multiple entities as its members, and a group can also have subgroups. Policies set on a group are granted to all members of that group. At request time, when the token's entity ID is evaluated for the policies it has access to, the policies attached to the entity itself are combined with the policies inherited through group membership, including membership in groups that are themselves members of other groups.
» Example Usage
» Internal Group
resource "vault_identity_group" "internal" {
  name     = "internal"
  type     = "internal"
  policies = ["dev", "test"]

  metadata = {
    version = "2"
  }
}
» External Group
resource "vault_identity_group" "group" {
  name     = "external"
  type     = "external"
  policies = ["test"]

  metadata = {
    version = "1"
  }
}
» Argument Reference
The following arguments are supported:
- name - (Required, Forces new resource) Name of the identity group to create.
- type - (Optional, Forces new resource) Type of the group, internal or external. Defaults to internal.
- policies - (Optional) A list of policies to apply to the group. Every member of the group, directly or through a subgroup, is granted these policies in addition to its own.
- metadata - (Optional) A map of additional metadata to associate with the group.
- member_group_ids - (Optional) A list of Group IDs to be assigned as group members (subgroups).
- member_entity_ids - (Optional) A list of Entity IDs to be assigned as group members. Not allowed on external groups, whose membership is derived from the auth method the group is aliased to rather than set by hand.
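The following configuration is an added example, not code from the provider documentation or the Vault project, that exercises the membership arguments above together: an internal group with an explicit entity member, a subgroup whose members inherit the parent group's policies through member_group_ids, and an external group whose membership is bound to an LDAP group via a vault_identity_group_alias instead of member_entity_ids. Resource labels, policy names, the entity name, the LDAP mount and the LDAP group name "vault-admins" are assumptions chosen for illustration.

```hcl
# Added example; policies, names and the LDAP mount below are hypothetical.

# Policies granted through the groups. Created here so the example applies
# cleanly; in a real deployment they would usually already exist.
resource "vault_policy" "dev" {
  name   = "dev"
  policy = <<EOT
path "secret/data/dev/*" {
  capabilities = ["read", "list"]
}
EOT
}

resource "vault_policy" "dev_lead" {
  name   = "dev-lead"
  policy = <<EOT
path "secret/data/dev/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
EOT
}

# An entity placed in a group explicitly via member_entity_ids.
resource "vault_identity_entity" "alice" {
  name = "alice"
}

# Subgroup. Its members receive "dev-lead" from this group plus every policy
# of any parent group that lists it in member_group_ids (here: "dev").
resource "vault_identity_group" "dev_leads" {
  name     = "dev-leads"
  type     = "internal"
  policies = [vault_policy.dev_lead.name]
}

# Internal group whose membership is managed in Terraform. Membership of a
# subgroup is declared on the parent, so the parent references the child.
resource "vault_identity_group" "developers" {
  name              = "developers"
  type              = "internal"
  policies          = [vault_policy.dev.name]
  member_entity_ids = [vault_identity_entity.alice.id]
  member_group_ids  = [vault_identity_group.dev_leads.id]
}

# LDAP auth mount (hypothetical; connection settings are omitted here and
# would be configured separately). Its accessor is what the alias binds to.
resource "vault_auth_backend" "ldap" {
  type = "ldap"
}

# External group: no member_entity_ids. Entities join it when a login
# through the aliased mount reports the aliased group name.
resource "vault_identity_group" "ldap_admins" {
  name     = "ldap-admins"
  type     = "external"
  policies = ["admin"] # hypothetical policy name
}

# Binds the external group to the LDAP group "vault-admins" on the LDAP mount.
resource "vault_identity_group_alias" "ldap_admins" {
  name           = "vault-admins"
  mount_accessor = vault_auth_backend.ldap.accessor
  canonical_id   = vault_identity_group.ldap_admins.id
}
```

With this applied, a token for alice resolves to its entity policies plus "dev"; a token for an entity that is a member of dev-leads resolves to "dev-lead" and, through the parent group, "dev". The ldap-admins group gains members only from logins on the LDAP mount, so an attempt to add member_entity_ids to it is rejected by Vault.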
» Attributes Reference
In addition to all arguments above, the following attributes are exported:
- id - The id of the created group.