https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert

Orders a private certificate secret in a Secrets Manager instance that has the private certificates engine configured
# Secrets Manager Private Cert module

[![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-secrets-manager-private-cert/releases/latest)
[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)

This module creates a private certificate in an existing Secrets Manager instance that has a configured [Private Certificate Engine](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificates&interface=ui).

The module handles the following resource:
- Secrets Manager private certificate

## Overview
* [terraform-ibm-secrets-manager-private-cert](#terraform-ibm-secrets-manager-private-cert)
* [Examples](./examples)
    * [Default example](./examples/default)
    * [Private-Only Secret Manager example](./examples/private)
* [Contributing](#contributing)

## terraform-ibm-secrets-manager-private-cert

### Usage

```hcl
module "secrets_manager_private_certificate" {
  source  = "terraform-ibm-modules/secrets-manager-private-cert/ibm"
  version = "latest" # Replace "latest" with a release version to lock into a specific release

  cert_name             = "example-private-cert"
  cert_description      = "an example private cert"
  cert_secrets_group_id = "the secret group ID to place the cert"
  cert_template         = "name of the cert template to use"
  cert_common_name      = "example.com"

  secrets_manager_guid   = module.secrets_manager.secrets_manager_guid
  secrets_manager_region = var.region
}
```

## Required IAM access policies

You need the following permissions to run this module.

- Account Management
    - **IAM Access Groups** service
        - `Editor` platform access
    - **IAM Identity** service
        - `Operator` platform access
    - **Resource Group** service
        - `Viewer` platform access
- IAM Services
    - **Secrets Manager** service
        - `Administrator` platform access
        - `Manager` service access

### Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [ibm](#requirement\_ibm) | >=1.65.0, <2.0.0 |

### Modules

No modules.

### Resources

| Name | Type |
|------|------|
| [ibm_sm_private_certificate.secrets_manager_private_certificate](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/sm_private_certificate) | resource |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cert\_alt\_names](#input\_cert\_alt\_names) | Optional, Alternate names for the certificate to be created | `list(string)` | `null` | no |
| [cert\_common\_name](#input\_cert\_common\_name) | Fully qualified domain name or host domain name for the certificate to be created | `string` | n/a | yes |
| [cert\_csr](#input\_cert\_csr) | Certificate signing request. If you don't include this parameter, the CSR that is used to generate the certificate is created internally | `string` | `null` | no |
| [cert\_custom\_metadata](#input\_cert\_custom\_metadata) | Optional, Custom metadata for the certificate to be created | `map(string)` | `{ "collection_total": 1, "collection_type": "application/vnd.ibm.secrets-manager.secret+json" }` | no |
| [cert\_description](#input\_cert\_description) | Optional, Extended description of certificate to be created. To protect privacy, do not use personal data, such as name or location, as a description for certificate | `string` | `null` | no |
| [cert\_ip\_sans](#input\_cert\_ip\_sans) | Optional, IP Subject Alternative Names (SANs) to define for the CA certificate, in a comma-delimited list | `string` | `null` | no |
| [cert\_labels](#input\_cert\_labels) | Optional, Labels for the certificate to be created | `list(string)` | `[]` | no |
| [cert\_name](#input\_cert\_name) | Name of the certificate to be created in Secrets Manager | `string` | n/a | yes |
| [cert\_other\_sans](#input\_cert\_other\_sans) | Optional, The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to define for the CA certificate. The alternative names must match the values that are specified in the 'allowed\_other\_sans' field in the associated certificate template | `list(string)` | `[]` | no |
| [cert\_rotation](#input\_cert\_rotation) | Optional, Rotation policy for the certificate to be created | `object({ auto_rotate = optional(bool), interval = optional(number), unit = optional(string) })` | `{ "auto_rotate": true, "interval": 12, "unit": "month" }` | no |
| [cert\_secrets\_group\_id](#input\_cert\_secrets\_group\_id) | Optional, Id of Secrets Manager secret group to store the certificate in | `string` | `"default"` | no |
| [cert\_template](#input\_cert\_template) | Name of the certificate template to use | `string` | n/a | yes |
| [cert\_ttl](#input\_cert\_ttl) | Optional, Time-to-live (TTL) to assign to a private certificate | `string` | `"364d"` | no |
| [cert\_uri\_sans](#input\_cert\_uri\_sans) | Optional, URI Subject Alternative Names (SANs) to define for the CA certificate, in a comma-delimited list | `string` | `null` | no |
| [cert\_version\_custom\_metadata](#input\_cert\_version\_custom\_metadata) | Optional, Custom version metadata for the certificate to be created | `map(string)` | `{}` | no |
| [exclude\_cn\_from\_sans](#input\_exclude\_cn\_from\_sans) | Optional, Controls whether the common name is excluded from Subject Alternative Names (SANs). If set to true, the common name is not included in DNS or Email SANs if they apply | `bool` | `false` | no |
| [private\_key\_format](#input\_private\_key\_format) | Optional, Format of the generated private key | `string` | `"der"` | no |
| [return\_format](#input\_return\_format) | Optional, Format of the returned data | `string` | `"pem"` | no |
| [secrets\_manager\_guid](#input\_secrets\_manager\_guid) | Secrets Manager GUID | `string` | n/a | yes |
| [secrets\_manager\_region](#input\_secrets\_manager\_region) | Region the Secrets Manager instance is in | `string` | n/a | yes |
| [service\_endpoints](#input\_service\_endpoints) | Service endpoint type to communicate with the provided secrets manager instance. Possible values are `public` or `private` | `string` | `"public"` | no |
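A fuller root module that exercises the usage pattern above together with the rotation, SAN, TTL and endpoint inputs from this table. This is an added example, not code from the module's README; the `ibm_resource_instance` lookup, the instance name, the template name `server-cert-template` and the host names are assumptions, and the Secrets Manager instance with its private certificate engine is assumed to exist already.

```hcl
# Added example (not from the module's README): order a private certificate over
# the private service endpoint with automatic rotation, DNS SANs and a 90-day TTL.
# The instance name, template name and host names below are assumptions.

variable "region" {
  type    = string
  default = "us-south"
}

# Look up the existing Secrets Manager instance to obtain its GUID (assumed name).
data "ibm_resource_instance" "secrets_manager" {
  name    = "my-secrets-manager"
  service = "secrets-manager"
}

module "api_gateway_cert" {
  source  = "terraform-ibm-modules/secrets-manager-private-cert/ibm"
  version = "X.Y.Z" # placeholder: pin to a released version of the module

  secrets_manager_guid   = data.ibm_resource_instance.secrets_manager.guid
  secrets_manager_region = var.region
  service_endpoints      = "private" # keep the Secrets Manager API call off the public network

  cert_name             = "api-gateway-private-cert"
  cert_description      = "TLS certificate for the internal API gateway"
  cert_secrets_group_id = "default"
  cert_template         = "server-cert-template" # assumed template configured on the engine
  cert_common_name      = "api.internal.example.com"
  cert_alt_names        = ["api-0.internal.example.com", "api-1.internal.example.com"]
  cert_labels           = ["env:prod", "team:platform"]
  cert_ttl              = "90d"

  # Rotate well inside the 90-day TTL so a new version exists before the old one expires.
  cert_rotation = {
    auto_rotate = true
    interval    = 2
    unit        = "month"
  }
}

# Consumers (for example a load balancer module) reference the secret by CRN.
output "api_gateway_cert_crn" {
  value = module.api_gateway_cert.secret_crn
}
```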

### Outputs

| Name | Description |
|------|-------------|
| [id](#output\_id) | Private certificates secrets manager secret resource ID |
| [secret\_crn](#output\_secret\_crn) | Private certificates secrets manager secret CRN |
| [secret\_id](#output\_secret\_id) | Private certificates secrets manager secret unique ID |

## Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).

To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.