» vault_pki_secret_backend_root_sign_intermediate
Creates an PKI certificate.
» Example Usage
resource "vault_pki_secret_backend_root_sign_intermediate" "root" {
depends_on = [ "vault_pki_secret_backend_intermediate_cert_request.intermediate" ]
backend = "${vault_pki_secret_backend.root.path}"
csr = "${vault_pki_secret_backend_intermediate_cert_request.intermediate.csr}"
common_name = "Intermediate CA"
exclude_cn_from_sans = true
ou = "My OU"
organization = "My organization"
}
» Argument Reference
The following arguments are supported:
-
backend
- (Required) The PKI secret backend the resource belongs to. -
csr
- (Required) The CSR -
common_name
- (Required) CN of intermediate to create -
alt_names
- (Optional) List of alternative names -
ip_sans
- (Optional) List of alternative IPs -
uri_sans
- (Optional) List of alternative URIs -
other_sans
- (Optional) List of other SANs -
ttl
- (Optional) Time to leave -
format
- (Optional) The format of data -
private_key_format
- (Optional) The private key format -
key_type
- (Optional) The desired key type -
key_bits
- (Optional) The number of bits to use -
max_path_length
- (Optional) The maximum path length to encode in the generated certificate -
exclude_cn_from_sans
- (Optional) Flag to exclude CN from SANs -
use_csr_values
- (Optional) Preserve CSR values -
permitted_dns_domains
- (Optional) List of domains for which certificates are allowed to be issued -
ou
- (Optional) The organization unit -
organization
- (Optional) The organization -
country
- (Optional) The country -
locality
- (Optional) The locality -
province
- (Optional) The province -
street_address
- (Optional) The street address -
postal_code
- (Optional) The postal code
» Attributes Reference
In addition to the fields above, the following attributes are exported:
-
certificate
- The certificate -
issuing_ca
- The issuing CA -
ca_chain
- The CA chain -
serial
- The serial