The Terraform plan to create this example looks like this:
# Planned creation of the PKI role "davnet.lmhd.me" on the pki/inter mount. The role restricts
# requested DNS names to subdomains of davnet.lmhd.me and issues RSA certificates flagged for
# both TLS server and TLS client use.
# vault_pki_secret_backend_role.pki_roles["pki/inter/davnet.lmhd.me.yaml"] will be created
+ resource "vault_pki_secret_backend_role" "pki_roles" {
+ allow_any_name = false
# Bare domain is off and subdomains are on (below): names under davnet.lmhd.me can be
# requested, but not davnet.lmhd.me itself.
+ allow_bare_domains = false
+ allow_glob_domains = false
# IP SANs are not matched against allowed_domains; Vault only checks that the value is an IP
# address, so anyone allowed to use this role can request a certificate for an arbitrary IP.
+ allow_ip_sans = true
+ allow_localhost = false
# NOTE(review): in Vault, allow_subdomains has historically included wildcard subdomains
# (*.davnet.lmhd.me); confirm how the Vault version in use treats wildcard requests.
+ allow_subdomains = true
+ allowed_domains = [
+ "davnet.lmhd.me",
]
+ allowed_domains_template = false
+ backend = "pki/inter"
+ basic_constraints_valid_for_non_ca = false
# client_flag and server_flag (below) are both true, so every certificate from this role is
# usable for client authentication as well as for serving TLS.
# NOTE(review): confirm nothing that trusts this CA for client auth should reject these.
+ client_flag = true
+ code_signing_flag = false
+ email_protection_flag = false
+ enforce_hostnames = true
+ generate_lease = false
+ id = (known after apply)
+ key_bits = 2048
+ key_type = "rsa"
+ key_usage = [
+ "DigitalSignature",
+ "KeyAgreement",
+ "KeyEncipherment",
]
# Seconds: 7776000 = 90 days, the longest lifetime a requester may ask for.
+ max_ttl = "7776000"
+ name = "davnet.lmhd.me"
# no_store = false keeps issued certificates in Vault storage, which is what allows them to be
# listed and revoked by serial number.
+ no_store = false
+ not_before_duration = (known after apply)
+ require_cn = true
+ server_flag = true
# Seconds: 2764800 = 32 days, used when the request does not name a TTL.
+ ttl = "2764800"
# When a CSR is signed through this role, the CN and SANs are taken from the CSR instead of
# from request parameters; the name rules above still apply on the role's sign endpoint.
+ use_csr_common_name = true
+ use_csr_sans = true
}
# Planned creation of the PKI role "api.test.lmhd.me-client" on the pki/api mount: one-hour,
# client-authentication-only RSA certificates whose O and OU are fixed by the role.
# vault_pki_secret_backend_role.pki_roles["pki/api/api.test.lmhd.me-client.yaml"] will be created
+ resource "vault_pki_secret_backend_role" "pki_roles" {
# allow_any_name = true together with an empty allowed_domains (below) places no restriction
# on the requested CN or SANs. The names in these certificates are chosen by the requester,
# so a relying service should not treat them as a verified identity.
+ allow_any_name = true
+ allow_bare_domains = true
+ allow_glob_domains = false
+ allow_ip_sans = false
+ allow_localhost = false
+ allow_subdomains = false
+ allowed_domains = []
+ allowed_domains_template = false
+ backend = "pki/api"
+ basic_constraints_valid_for_non_ca = false
# client_flag is true and server_flag (below) is false: client authentication only.
+ client_flag = true
+ code_signing_flag = false
+ email_protection_flag = false
# Requested names are not required to be valid hostnames.
+ enforce_hostnames = false
+ generate_lease = false
+ id = (known after apply)
+ key_bits = 2048
+ key_type = "rsa"
+ key_usage = [
+ "DigitalSignature",
+ "KeyEncipherment",
]
# Seconds: 3600 = 1 hour for both ttl and max_ttl, so a requester cannot obtain a longer-lived
# certificate; the short lifetime bounds how long a leaked key stays useful.
+ max_ttl = "3600"
+ name = "api.test.lmhd.me-client"
# no_store = false keeps issued certificates in Vault storage, which is what allows them to be
# listed and revoked by serial number.
+ no_store = false
+ not_before_duration = (known after apply)
# O and OU are set by the role, not by the requester. The O values look like authorization
# scopes — presumably the API reads them from the presented client certificate; confirm.
# If so, the Vault policy that grants issue/sign on this role is the real authorization
# boundary for those scopes and should be granted as narrowly as possible.
+ organization = [
+ "fronter.federate:read",
+ "fronter.federate:write",
]
+ ou = [
+ "api.test.lmhd.me",
]
# A certificate from this role may be issued without any CN.
+ require_cn = false
+ server_flag = false
+ ttl = "3600"
# When a CSR is signed through this role, the CN and SANs are taken from the CSR instead of
# from request parameters.
+ use_csr_common_name = true
+ use_csr_sans = true
}