stvdilln/server_cert_role.tf

## server_cert_role.tf
#
# Role for server certs
# This creates certs of machinename.mydomain.com
#

#
resource "vault_pki_secret_backend_role" "role-server-cer" {
  backend = vault_mount.pki_int.path
  name = "server-cert-for-${var.server_cert_domain}"
  allowed_domains = [ var.server_cert_domain ]
  allow_subdomains = true
  allow_glob_domains = false
  allow_any_name = false
  enforce_hostnames = true
  allow_ip_sans = true
  server_flag = true
  client_flag = false
  ou = ["development"]
  organization = ["My Company"]
  country = ["usa"]
  locality = ["Beverly Hills"]
  # 2 years
  max_ttl = 63113904
  # 30 days
  ttl = 2592000
  no_store = true

}
	#
	# Role for server certs
	# This creates certs of machinename.mydomain.com
	#

	#
	resource "vault_pki_secret_backend_role" "role-server-cer" {
	backend = vault_mount.pki_int.path
	name = "server-cert-for-${var.server_cert_domain}"
	allowed_domains = [ var.server_cert_domain ]
	allow_subdomains = true
	allow_glob_domains = false
	allow_any_name = false
	enforce_hostnames = true
	allow_ip_sans = true
	server_flag = true
	client_flag = false
	ou = ["development"]
	organization = ["My Company"]
	country = ["usa"]
	locality = ["Beverly Hills"]
	# 2 years
	max_ttl = 63113904
	# 30 days
	ttl = 2592000
	no_store = true

	}