-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.tf
77 lines (63 loc) · 1.49 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
/*
This is an example Terraform file to show capabilities of the Venafi-token integration.
*/
variable "TPP_URL" {
default = ""
}
variable "TPP_ZONE" {
default = ""
}
variable "TRUST_BUNDLE" {
default = ""
}
resource "venafi-token_credential" "example" {}
resource "random_string" "cn" {
length = 5
special = false
upper = false
numeric = false
}
provider "venafi" {
alias = "tpp_token"
url = var.TPP_URL
zone = var.TPP_ZONE
trust_bundle = file(var.TRUST_BUNDLE)
access_token = venafi-token_credential.example.access_token
}
resource "venafi_certificate" "dev_certificate" {
//Name of the used provider
provider = venafi.tpp_token
common_name = "dev-${random_string.cn.result}.venafi.example.com"
//Key encryption algorithm
algorithm = "RSA"
//DNS aliases
san_dns = [
"dev-web01-${random_string.cn.result}.example.com",
"dev-web02-${random_string.cn.result}.example.com",
]
//IP aliases
san_ip = [
"10.1.1.1",
"192.168.0.1",
]
//Email aliases
san_email = [
"dev@venafi.com",
"dev2@venafi.com",
]
//private key password
key_password = "newPassw0rd!"
}
//output certificate
output "cert_certificate_dev" {
value = venafi_certificate.dev_certificate.certificate
}
//output certificate chain
output "cert_chain_dev" {
value = venafi_certificate.dev_certificate.chain
}
//output private key
output "cert_private_key_dev" {
sensitive = true
value = venafi_certificate.dev_certificate.private_key_pem
}