diff --git a/README.md b/README.md
index dfcf1ed..414a63c 100644
--- a/README.md
+++ b/README.md
@@ -98,24 +98,27 @@ For more information about Ansible Galaxy, go to https://galaxy.ansible.com/docs
| Variable Name | Description |
| ---------------------------------------- | ------------------------------------------------------------ |
- | `credentials_file` | Name of the file containing Venafi credentials and connection settings
Default: credentials.yml |
- | `certificate_common_name` | *Common Name* to request for the certificate.
Default: "{{ ansible_fqdn }}" |
- | `certificate_alt_name` | Comma separated list of *Subject Alternative Names* to request for the certificate. Prefix each value with the SAN type (e.g. "DNS:host.company.com,IP:10.20.30.40,email:me@company.com") | |
- | `certificate_privatekey_type` | Key algorithm, "RSA" or "ECDSA"
Default: "RSA" (from VCert) |
- | `certificate_privatekey_size` | Key size in bits for RSA keys
Default: "2048" (from VCert) |
- | `certificate_privatekey_curve` | Elliptic Curve for ECDSA keys
Default: "P251" (from VCert) |
+ | `credentials_file` | Name of the file containing Venafi credentials and connection settings
Default: `credentials.yml` |
+ | `certificate_common_name` | *Common Name* to request for the certificate.
Default: `"{{ ansible_fqdn }}"` |
+ | `certificate_alt_name` | Comma separated list of *Subject Alternative Names* to request for the certificate. Prefix each value with the SAN type.
Example: `"DNS:host.example.com,IP:10.20.30.40,email:me@example.com"` | |
+ | `certificate_privatekey_type` | Key algorithm, "RSA" or "ECDSA"
Default: `"RSA"` (from VCert) |
+ | `certificate_privatekey_size` | Key size in bits for RSA keys
Default: `"2048"` (from VCert) |
+ | `certificate_privatekey_curve` | Elliptic Curve for ECDSA keys
Default: `"P251"` (from VCert) |
| `certificate_privatekey_passphrase` | Password to use for encrypting the private key |
- | `certificate_chain_option` | Specifies whether the root CA certificate appears "last" (default) or "first" in the chain file |
- | `certificate_cert_dir` | Local parent directory where the cryptographic assets will be stored
Default: "/etc/ssl/{{ certificate_common_name }}" |
- | `certificate_cert_path` | Local directory where certificate files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem" |
- | `certificate_chain_path` | Local directory where certificate chain files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem" |
- | `certificate_privatekey_path` | Local directory where private key files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key" |
- | `certificate_csr_path` | Local directory where certificate signing request files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr" |
- | `certificate_remote_execution` | Specifies whether cryptographic assets will be generated remotely, or locally and then provisioned to the remote host
Default: false |
- | `certificate_remote_cert_path` | Directory on remote host where certificate files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem" |
- | `certificate_remote_chain_path` | Directory on remote host where certificate chain files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem" |
- | `certificate_remote_privatekey_path` | Directory on remote host where private key files will be stored
Default: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key" |
- | `certificate_copy_private_key_to_remote` | Specifies whether to copy the private key file to the remote host
Default: true |
+ | `certificate_chain_option` | Specifies whether the root CA certificate appears `"last"` (default) or `"first"` in the chain file |
+ | `certificate_cert_dir` | Local parent directory where the cryptographic assets will be stored
Default: `"/etc/ssl/{{ certificate_common_name }}"` |
+ | `certificate_cert_path` | Local directory where certificate files will be stored
Default: `{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"` |
+ | `certificate_chain_path` | Local directory where certificate chain files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"` |
+ | `certificate_privatekey_path` | Local directory where private key files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"` |
+ | `certificate_csr_path` | Local directory where certificate signing request files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr"` |
+ | `certificate_remote_execution` | Specifies whether cryptographic assets will be generated remotely, or locally and then provisioned to the remote host
Default: `false` |
+ | `certificate_remote_cert_path` | Directory on remote host where certificate files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"` |
+ | `certificate_remote_chain_path` | Directory on remote host where certificate chain files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"` |
+ | `certificate_remote_privatekey_path` | Directory on remote host where private key files will be stored
Default: `"{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"` |
+ | `certificate_copy_private_key_to_remote` | Specifies whether to copy the private key file to the remote host
Default: `true` |
+ | `certificate_before_expired_hours` | Number of hours prior to the expiration of the certificate before it can be renewed
Default: `72` |
+ | `certificate_renew` | Specifies whether to renew the certificate if it is within the "before_expired_hours" window when the playbook is run
Default: `true` |
+ | `certificate_force` | Specifies whether to request a new certificate every time the playbook is run
Default: `false` |
Defaults are defined in the [defaults/main.yml](defaults/main.yml) file.