Skip to content

hashicorp-modules/tls-self-signed-cert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
examples
examples
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

TLS Self Signed Cert Terraform Module

  • Generates a secure RSA or ECDAS private key for the CA cert
  • Generates a self signed CA cert
  • Generates a secure RSA or ECDAS private key for the leaf cert
  • Generates a TLS certificate request for the leaf cert
  • Generates a locally signed leaf cert
  • Encodes the private keys as PEM

Checkout examples for fully functioning examples.

Environment Variables

This module doesn't require any environment variables to be set.

Input Variables

  • create: [Optional] Create Module, defaults to true.
  • name: [Optional] Filename to write the private key data to, default to "tls-private-key".
  • algorithm: [Optional] The name of the algorithm to use for the key. Currently-supported values are "RSA" and "ECDSA". Defaults to "RSA".
  • rsa_bits: [Optional] When algorithm is "RSA", the size of the generated RSA key in bits. Defaults to "2048".
  • ecdsa_curve: [Optional] When algorithm is "ECDSA", the name of the elliptic curve to use. May be any one of "P224", "P256", "P384" or "P521". Defaults to "P224".
  • permissions: [Optional] The Unix file permission to assign to the cert files (e.g. 0600), defaults to "0600".
  • validity_period_hours: [Required] The number of hours after initial issuing that the certificate will become invalid.
  • ca_allowed_uses: [Optional] List of keywords from RFC5280 describing a use that is permitted for the CA certificate. For more info and the list of keywords, see https://www.terraform.io/docs/providers/tls/r/self_signed_cert.html#allowed_uses.
  • ca_common_name: [Optional] The common name to use in the subject of the CA certificate (e.g. hashicorp.com).
  • organization_name: [Required] The name of the organization to associate with the certificates (e.g. HashiCorp Inc.).
  • allowed_uses: [Required] List of keywords from RFC5280 describing a use that is permitted for the issued certificate. For more info and the list of keywords, see https://www.terraform.io/docs/providers/tls/r/self_signed_cert.html#allowed_uses.
  • common_name: [Required] The common name to use in the subject of the certificate (e.g. hashicorp.com).
  • dns_names: [Required] List of DNS names for which the certificate will be valid (e.g. foo.hashicorp.com), defaults to empty list.
  • ip_addresses: [Required] List of IP addresses for which the certificate will be valid (e.g. 127.0.0.1), defaults to empty list.
  • ca_override: [Optional] Don't create a CA cert, override with the provided CA to sign certs withr
  • ca_key_override: [Optional] CA private key pem override.
  • ca_cert_override: [Optional] CA cert pem override.
  • download_certs: [Optional] Download certs locally, defaults to false.

Outputs

  • algorithm: The algorithm that was selected for the key.

  • ca_cert_pem: The CA cert data in PEM format.

  • ca_cert_validity_start_time: The time after which the CA certificate is valid, as an RFC3339 timestamp.

  • ca_cert_validity_end_time: The time until which the CA certificate is invalid, as an RFC3339 timestamp.

  • ca_private_key_pem: The CA cert private key data in PEM format.

  • ca_private_key_name: The CA cert private key filename.

  • ca_private_key_filename: The CA cert private key filename with file extension.

  • ca_public_key_pem: The CA cert public key data in PEM format.

  • ca_public_key_openssh: The CA cert public key data in OpenSSH authorized_keys format, if the selected private key format is compatible. All RSA keys are supported, and ECDSA keys with curves "P256", "P384" and "P251" are supported. This attribute is empty if an incompatible ECDSA curve is selected.

  • leaf_private_key_pem: The Leaf cert private key data in PEM format.

  • leaf_private_key_name: The Leaf cert private key filename.

  • leaf_private_key_filename: The Leaf cert private key filename with file extension.

  • leaf_public_key_pem: The Leaf cert public key data in PEM format.

  • leaf_public_key_openssh: The Leaf cert public key data in OpenSSH authorized_keys format, if the selected private key format is compatible. All RSA keys are supported, and ECDSA keys with curves "P256", "P384" and "P251" are supported. This attribute is empty if an incompatible ECDSA curve is selected.

  • leaf_cert_request_pem: The Leaf cert request data in PEM format.

  • leaf_cert_pem: The Leaf cert data in PEM format.

  • leaf_cert_validity_start_time: The time after which the leaf certificate is valid, as an RFC3339 timestamp.

  • leaf_cert_validity_end_time: The time until which the leaf certificate is invalid, as an RFC3339 timestamp.

Submodules

This module has no submodules.

Authors

HashiCorp Solutions Engineering Team.

License

Mozilla Public License Version 2.0. See LICENSE for full details.

About

No description, website, or topics provided.

Resources

Readme

License

MPL-2.0 license
Activity
Custom properties

Stars

6 stars

Watchers

5 watching

Forks

20 forks
Report repository

Releases 3

Remove newline at end of certs Latest
Sep 12, 2018
+ 2 releases

Packages

No packages published

Languages