certs

10thmagnitude/certs/private

Terraform Module HCL PRIVATE

Extracted submodule from Hashicorp/terraform-azurerm-vault

Install

module "certs" {

source = "10thmagnitude/certs/private"

version = "0.1.0"

}

plain text: /constructs/tfmod-10thmagnitude-certs-private/install.txt

⭐ Source on GitHub 📦 Registry page

README

Private TLS Cert This module can be used to generate a Certificate Authority (CA) public key and the public and private keys of a TLS certificate signed by this CA. This certificate is meant to be used with private services, such as a Vault cluster accessed solely within your Azure account. For publicly-accessible services, especially services you access through a web browser, you should NOT use this module, and instead get certificates from a commercial Certificate Authority, such as Let's Encrypt. If you're unfamiliar with how TLS certificates work, check out the Background section. Quick start 1. Copy this module to your computer. 1. Open vars.tf and fill in the variables that do not have a default. 1. DO NOT configure Terraform remote state storage for this code. You do NOT want to sto

Inputs (16)

Name	Type	Description	Default
ca_public_key_file_path	any	Write the PEM-encoded CA certificate public key to this path (e.g. /etc/tls/ca.c	required
organization_name	any	The name of the organization to associate with the certificates (e.g. Acme Co).	required
ip_addresses	any	List of IP addresses for which the certificate will be valid (e.g. 127.0.0.1).	required
owner	any	The OS user who should be given ownership over the certificate files.	required
dns_names	any	List of DNS names for which the certificate will be valid (e.g. vault.service.co	required
ca_common_name	any	The common name to use in the subject of the CA certificate (e.g. acme.co cert).	required
public_key_file_path	any	Write the PEM-encoded certificate public key to this path (e.g. /etc/tls/vault.c	required
private_key_file_path	any	Write the PEM-encoded certificate private key to this path (e.g. /etc/tls/vault.	required
common_name	any	The common name to use in the subject of the certificate (e.g. acme.co cert).	required
validity_period_hours	any	The number of hours after initial issuing that the certificate will become inval	required
private_key_rsa_bits	any	The size of the generated RSA key in bits. Should only be used if var.private_ke	`"2048"`
allowed_uses	any	List of keywords from RFC5280 describing a use that is permitted for the issued	`[ "key_encipherment", "digital_signa`
private_key_algorithm	any	The name of the algorithm to use for private keys. Must be one of: RSA or ECDSA.	`"RSA"`
ca_allowed_uses	any	List of keywords from RFC5280 describing a use that is permitted for the CA cert	`[ "cert_signing", "key_encipherment"`
private_key_ecdsa_curve	any	The name of the elliptic curve to use. Should only be used if var.private_key_al	`"P256"`
permissions	any	The Unix file permission to assign to the cert files (e.g. 0600).	`"0600"`

Outputs (3)

ca_public_key_file_path

public_key_file_path

private_key_file_path

Resources (4)

tls_cert_requesttls_locally_signed_certtls_private_keytls_self_signed_cert

Details

FrameworkTerraform Module

LanguageHCL

Version0.1.0

Cloud PRIVATE

★ Stars0

Forks2

Total downloads865

Inputs16

Outputs3

Resources4

Namespace10thmagnitude

Updated

Tools

⚖ Compare with another construct → 📋 View data schema