{"id":21030955,"url":"https://github.com/philippechepy/terraform-tls-certificate","last_synced_at":"2026-03-19T18:32:22.218Z","repository":{"id":42444801,"uuid":"435232196","full_name":"PhilippeChepy/terraform-tls-certificate","owner":"PhilippeChepy","description":null,"archived":false,"fork":false,"pushed_at":"2022-04-05T21:05:33.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-20T15:19:51.225Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PhilippeChepy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-05T17:23:48.000Z","updated_at":"2021-12-17T19:07:43.000Z","dependencies_parsed_at":"2022-09-16T18:01:01.162Z","dependency_job_id":null,"html_url":"https://github.com/PhilippeChepy/terraform-tls-certificate","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PhilippeChepy%2Fterraform-tls-certificate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PhilippeChepy%2Fterraform-tls-certificate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PhilippeChepy%2Fterraform-tls-certificate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PhilippeChepy%2Fterraform-tls-certificate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PhilippeChepy","download_url":"https://codeload.github.com/PhilippeChepy/terraform-tls-certificate/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243467255,"owners_count":20295357,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-19T12:22:38.575Z","updated_at":"2026-01-02T00:08:48.210Z","avatar_url":"https://github.com/PhilippeChepy.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform PKI: Certificate\n\nThis module allows one to build a TLS certificate and its associated private key.\n\nPart of this collection:\n- https://github.com/PhilippeChepy/terraform-tls-root-ca\n- https://github.com/PhilippeChepy/terraform-tls-intermediate-ca\n- https://github.com/PhilippeChepy/terraform-tls-certificate\n\n## Example usage\n\nWith a root CA certificate generated by the [Root CA module](https://github.com/PhilippeChepy/terraform-tls-root-ca):\n\n```\nmodule \"etcd_ca_certificates\" {\n  source = \"git@github.com:PhilippeChepy/terraform-tls-root-ca.git\"\n\n  common_name           = \"Etcd CA\"\n  validity_period_hours = 87660\n}\n\nmodule \"etcd_server_certificate\" {\n  source   = \"git@github.com:PhilippeChepy/terraform-tls-certificate.git\"\n  for_each = module.etcd_cluster.instances\n\n  signing_key_pem  = module.etcd_ca_certificates.private_key_pem\n  signing_cert_pem = module.etcd_ca_certificates.certificate_pem\n\n  common_name = each.value.hostname\n  dns_sans    = [each.value.hostname]\n  ip_sans = concat(\n    length(each.value.ipv4_address) != 0 ? [each.value.ipv4_address] : [],\n    length(each.value.ipv6_address) != 0 ? [each.value.ipv6_address] : [],\n  )\n\n  server_auth = true\n  client_auth = true\n\n  validity_period_hours = 87660\n}\n```\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\nNo requirements.\n\n## Providers\n\nThe following providers are used by this module:\n\n- \u003ca name=\"provider_tls\"\u003e\u003c/a\u003e [tls](#provider\\_tls)\n\n## Modules\n\nNo modules.\n\n## Resources\n\nThe following resources are used by this module:\n\n- [tls_cert_request.certificate](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) (resource)\n- [tls_locally_signed_cert.certificate](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) (resource)\n- [tls_private_key.certificate](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) (resource)\n\n## Required Inputs\n\nThe following input variables are required:\n\n### \u003ca name=\"input_common_name\"\u003e\u003c/a\u003e [common\\_name](#input\\_common\\_name)\n\nDescription: Define the certificate common name.\n\nType: `string`\n\n### \u003ca name=\"input_signing_cert_pem\"\u003e\u003c/a\u003e [signing\\_cert\\_pem](#input\\_signing\\_cert\\_pem)\n\nDescription: The root or intermediate certificate used to sign this certificate.\n\nType: `string`\n\n### \u003ca name=\"input_signing_key_pem\"\u003e\u003c/a\u003e [signing\\_key\\_pem](#input\\_signing\\_key\\_pem)\n\nDescription: The private key used to sign this certificate.\n\nType: `string`\n\n### \u003ca name=\"input_validity_period_hours\"\u003e\u003c/a\u003e [validity\\_period\\_hours](#input\\_validity\\_period\\_hours)\n\nDescription: The certificate will expire after this amount of time.\n\nType: `number`\n\n## Optional Inputs\n\nThe following input variables are optional (have default values):\n\n### \u003ca name=\"input_client_auth\"\u003e\u003c/a\u003e [client\\_auth](#input\\_client\\_auth)\n\nDescription: Set the certificate usable for client authentication\n\nType: `bool`\n\nDefault: `false`\n\n### \u003ca name=\"input_dns_sans\"\u003e\u003c/a\u003e [dns\\_sans](#input\\_dns\\_sans)\n\nDescription: Set a list of DNS as SANS (subject alternative names).\n\nType: `set(string)`\n\nDefault: `[]`\n\n### \u003ca name=\"input_ecdsa_curve\"\u003e\u003c/a\u003e [ecdsa\\_curve](#input\\_ecdsa\\_curve)\n\nDescription: May be any of 'P224', 'P256', 'P384' or 'P521', with 'P224' as the default.\n\nType: `string`\n\nDefault: `null`\n\n### \u003ca name=\"input_ip_sans\"\u003e\u003c/a\u003e [ip\\_sans](#input\\_ip\\_sans)\n\nDescription: Define a list of IP SANS (subject alternative names).\n\nType: `set(string)`\n\nDefault: `[]`\n\n### \u003ca name=\"input_key_algorithm\"\u003e\u003c/a\u003e [key\\_algorithm](#input\\_key\\_algorithm)\n\nDescription: Key Algorithm (e.g. 'RSA' or 'ECDSA'), with 'RSA' as the default.\n\nType: `string`\n\nDefault: `\"RSA\"`\n\n### \u003ca name=\"input_organization\"\u003e\u003c/a\u003e [organization](#input\\_organization)\n\nDescription: Define the certificate organization.\n\nType: `string`\n\nDefault: `null`\n\n### \u003ca name=\"input_rsa_bits\"\u003e\u003c/a\u003e [rsa\\_bits](#input\\_rsa\\_bits)\n\nDescription: Defaults to '4096' bits.\n\nType: `string`\n\nDefault: `4096`\n\n### \u003ca name=\"input_server_auth\"\u003e\u003c/a\u003e [server\\_auth](#input\\_server\\_auth)\n\nDescription: Set the certificate usable for server authentication\n\nType: `bool`\n\nDefault: `true`\n\n## Outputs\n\nThe following outputs are exported:\n\n### \u003ca name=\"output_bundle_pem\"\u003e\u003c/a\u003e [bundle\\_pem](#output\\_bundle\\_pem)\n\nDescription: A bundle containing the private key and the resulting certificate.\n\n### \u003ca name=\"output_certificate_bundle_pem\"\u003e\u003c/a\u003e [certificate\\_bundle\\_pem](#output\\_certificate\\_bundle\\_pem)\n\nDescription: A bundle containing both the signing and the resulting certificates.\n\n### \u003ca name=\"output_certificate_pem\"\u003e\u003c/a\u003e [certificate\\_pem](#output\\_certificate\\_pem)\n\nDescription: The resulting certificate.\n\n### \u003ca name=\"output_private_key_pem\"\u003e\u003c/a\u003e [private\\_key\\_pem](#output\\_private\\_key\\_pem)\n\nDescription: The private key of the certificate.\n\u003c!-- END_TF_DOCS --\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilippechepy%2Fterraform-tls-certificate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphilippechepy%2Fterraform-tls-certificate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilippechepy%2Fterraform-tls-certificate/lists"}