tls

devops-rob/tls/gcp

Terraform Module HCL GCP

Create self-signed TLS certificates, encrypt keys and store in GCS Bucket

Install

```hcl
module "tls" {
  source  = "devops-rob/tls/gcp"
  version = "0.1.4"
}
```
README

Self-signed TLS certificates stored in GCS Bucket

This module creates a Certificate Authority, a self-signed certificate signed by that Certificate Authority, and stores all certificates and keys in a GCS Bucket. All keys are encrypted using Google KMS before they are stored in the GCS Bucket. This is useful for the deployment of systems in GCP that may require TLS when bootstrapping the system components.

Access to the resulting certificate and key material is based on GCP's Identity and Access Management model. A service account will need to be created, and this module can then assign the correct access rights to that service account using IAM roles.

Usage

```hcl
resource "google_service_account" "test" {
  account_id = "test-account"
}

resource "google_compute_address" "test" {
  name = "
```
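The following is an added example (not the module's own README code) that wires the module to a dedicated service account using only the inputs and outputs documented on this page. The project ID, bucket name, DNS names, IP address and the `roles/storage.objectViewer` role are assumed placeholder choices, not values from the module.

```hcl
# Added example: a dedicated identity for the workload that will bootstrap TLS.
# Only this service account is granted access to the bucket and the KMS key.
resource "google_service_account" "vault" {
  account_id = "vault-tls" # assumed name
}

module "tls" {
  source  = "devops-rob/tls/gcp"
  version = "0.1.4"

  project_id            = "my-gcp-project"            # assumed placeholder
  region                = "europe-west1"
  bucket_location       = "EU"
  tls_bucket            = "my-gcp-project-vault-tls"  # assumed; the module creates it
  service_account_email = google_service_account.vault.email

  # Keys are wrapped with this Cloud KMS key before landing in the bucket.
  kms_keyring          = "tls"
  kms_protection_level = "software"

  tls_cert_name = "vault"                              # assumed
  tls_cn        = "vault.example.net"                  # assumed
  tls_ou        = "Platform Security"                  # assumed
  tls_dns_names = ["vault.example.net", "vault.internal.example.net"] # assumed SANs
  ip_addresses  = ["10.0.0.10"]                        # assumed SAN

  # Narrow the default bucket role list to read-only object access (assumed choice).
  service_account_storage_bucket_iam_roles = ["roles/storage.objectViewer"]
}

# Everything a bootstrapping VM needs to locate the material and unwrap the key.
# The private key object stays KMS-encrypted, so nothing sensitive is exposed here.
output "tls_bootstrap" {
  value = {
    bucket      = module.tls.bucket_id
    ca_object   = module.tls.ca_filename
    cert_object = module.tls.cert_filename
    key_object  = module.tls.key_filename
    kms_key_id  = module.tls.key_id
  }
}
```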

Inputs (14)

| Name | Type | Description | Default |
|---|---|---|---|
| tls_bucket | string | GCS Bucket to store resulting certificates and keys. Terraform will create this | required |
| service_account_email | string | Service account email to assign IAM permissions to for access to GCS Bucket and | required |
| project_id | string | ID of the project in which to create resources and add IAM bindings. | required |
| tls_cert_name | string | Name for the self-signed TLS certificate. | required |
| kms_keyring | string | Name of the Cloud KMS KeyRing for asset encryption. Terraform will create this k | `"tls"` |
| service_account_storage_bucket_iam_roles | list(string) | List of IAM roles for the service account to have on the storage bucket. | `[ "roles/storage.legacyBucketReader",` |
| kms_protection_level | string | The protection level to use for the KMS crypto key. | `"software"` |
| tls_ca_subject | `object({ common_name` | The `subject` block for the root CA certificate. | `{ "common_name": "Example Inc. Root",` |
| tls_cn | string | The TLS Common Name for the TLS certificates. | `"certificate.example.net"` |
| region | string | Region in which to create resources. | `"europe-west1"` |
| bucket_location | string | Geographical region in which the GCS Bucket should reside. | `"EU"` |
| tls_ou | string | The TLS Organizational Unit for the TLS certificate. | `"HashiCorp Developer Advocates"` |
| tls_dns_names | list(string) | List of DNS names added to the self-signed certificate, e.g. vault.example.net | `[]` |
| ip_addresses | list(string) | List of IP addresses to add to the certificate. | `[]` |
Outputs (8)

- key_id
- key_ring_id
- encrypted_private_key
- cert_filename
- key_filename
- ca_filename
- self_signed_cert
- bucket_id
Resources (12)

- google_kms_crypto_key
- google_kms_crypto_key_iam_member
- google_kms_key_ring
- google_kms_secret_ciphertext
- google_storage_bucket
- google_storage_bucket_iam_member
- google_storage_bucket_object
- random_id
- tls_cert_request
- tls_locally_signed_cert
- tls_private_key
- tls_self_signed_cert
Details

- Framework: Terraform Module
- Language: HCL
- Version: 0.1.4
- Cloud: GCP
- Stars: 1
- Forks: 2
- Total downloads: 4.9k
- Inputs: 14
- Outputs: 8
- Resources: 12
- Examples: 3
- License: Apache-2.0
- Namespace: devops-rob
- Updated