Centrify Provider

The Centrify provider is used to interact with the resources in Centrify Vault. It also allows other Terraform providers to retrieve vaulted passwords or secrets from Centrify Vault.

Use the navigation to the left to read about the available resources.

Using The Provider

Specifying Provider Requirements

Use the special terraform configuration block type to configure some behaviors of Terraform itself, such as the provider source and minimum version.

```hcl
terraform {
  required_providers {
    centrifyvault = {
      source  = "marcozj/centrifyvault"
    }
  }
}
```

Configure Provider Credentials

The provider needs to be configured with the proper credentials before it can be used.

Example Usage (OAuth client ID and credential authentication)

```hcl
# Configure the CentrifyVault provider to use OAuth client ID and credential authentication
provider "centrifyvault" {
    url = "https://<tenantid>.my.centrify.net"
    appid = "<YOUR APPLICATION ID>"
    scope = "<YOUR OAUTH2 SCOPE>"
    username = "<YOUR OAUTH2 CLIENT ID>"
    password = "<YOUR OAUTH2 CLIENT CREDENTIAL>"
}
```

Example Usage (OAuth2 token authentication)

```hcl
# Configure the CentrifyVault provider to use OAuth2 token authentication
provider "centrifyvault" {
    url = "https://<tenantid>.my.centrify.net"
    appid = "<YOUR APPLICATION ID>"
    scope = "<YOUR OAUTH2 SCOPE>"
    token = "<YOUR OAUTH2 TOKEN>"
}
```

Example Usage (DMC authentication)

```hcl
# Configure the CentrifyVault provider to use DMC authentication
# The host on which Terraform is run must have the Centrify Client installed and enrolled in Centrify Vault
provider "centrifyvault" {
    url = "https://<tenantid>.my.centrify.net"
    scope = "<YOUR DMC SCOPE>"
    use_dmc = true
}
```

Provider Argument Reference

The provider supports the OAuth2 and DMC authentication methods.

  • url - (Required) This is the cloud tenant or on-prem PAS URL, for example https://abc1234.my.centrify.net. It must be provided, but it can also be sourced from the VAULT_URL environment variable.
  • appid - (Optional) This is the OAuth application ID configured in Centrify Vault. It must be provided if use_dmc isn't set to true. It can also be sourced from the VAULT_APPID environment variable.
  • scope - (Required) This is either the OAuth or the DMC scope. It must be provided, but it can also be sourced from the VAULT_SCOPE environment variable.
  • token - (Optional) This is the OAuth token. It can also be sourced from the VAULT_TOKEN environment variable.
  • username - (Optional) Authorized user used to retrieve the OAuth token. It can also be sourced from the VAULT_USERNAME environment variable. If token is provided, this argument is ignored.
  • password - (Optional) Authorized user's password used to retrieve the OAuth token. It can also be sourced from the VAULT_PASSWORD environment variable. If token is provided, this argument is ignored.
  • use_dmc - (Optional) Whether to use DMC authentication. It can also be sourced from the VAULT_USEDMC environment variable. The default is false. If this is set to true, the appid, token, username and password arguments are ignored.
  • skip_cert_verify - (Optional) Whether to skip certificate validation. It is intended for testing against an on-prem PAS deployment that uses a self-signed certificate. It can also be sourced from the VAULT_SKIPCERTVERIFY environment variable. The default is false.
  • log_level - (Optional) Log level. Can be set to fatal, error, info, or debug. It can also be sourced from the VAULT_LOGLEVEL environment variable. The default is error.
  • logpath - (Optional) If specified, logging information is written to this file. It can also be sourced from the VAULT_LOGPATH environment variable.
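Because every credential argument can be sourced from an environment variable, a provider block can be kept free of secrets and the environment validated before Terraform runs. The following preflight function is an added example, not part of the provider; it encodes the argument rules listed above (url and scope always required, appid required unless use_dmc is true, token or username plus password otherwise) and treats VAULT_SKIPCERTVERIFY=true as a test-only setting gated by an assumed ALLOW_SKIP_CERT_VERIFY knob. It only tests whether variables are set and never echoes their values.

```shell
# Preflight check mirroring the provider's argument rules; run before `terraform plan`.
# Added example, not provider code. ALLOW_SKIP_CERT_VERIFY is an assumed, local opt-in knob.
check_centrify_env() {
    # url and scope are required in every authentication mode.
    if [ -z "${VAULT_URL:-}" ]; then
        echo "VAULT_URL is not set" >&2; return 1
    fi
    case "$VAULT_URL" in
        https://*) ;;
        *) echo "VAULT_URL must be an https URL" >&2; return 1 ;;
    esac
    if [ -z "${VAULT_SCOPE:-}" ]; then
        echo "VAULT_SCOPE is not set" >&2; return 1
    fi

    if [ "${VAULT_USEDMC:-false}" = "true" ]; then
        : # DMC mode: appid, token, username and password are ignored by the provider.
    elif [ -z "${VAULT_APPID:-}" ]; then
        echo "VAULT_APPID is required unless VAULT_USEDMC=true" >&2; return 1
    elif [ -n "${VAULT_TOKEN:-}" ]; then
        : # Token mode: username and password are ignored when a token is present.
    elif [ -z "${VAULT_USERNAME:-}" ] || [ -z "${VAULT_PASSWORD:-}" ]; then
        echo "set VAULT_TOKEN, or both VAULT_USERNAME and VAULT_PASSWORD" >&2; return 1
    fi

    # skip_cert_verify exists for self-signed on-prem test deployments only;
    # refuse it unless the operator opts in explicitly.
    if [ "${VAULT_SKIPCERTVERIFY:-false}" = "true" ] && [ "${ALLOW_SKIP_CERT_VERIFY:-0}" != "1" ]; then
        echo "VAULT_SKIPCERTVERIFY=true refused; set ALLOW_SKIP_CERT_VERIFY=1 for test tenants only" >&2
        return 1
    fi
    return 0
}
```

Call it from a CI step with `check_centrify_env || exit 1` so a misconfigured or insecure environment fails before any API call is made.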

Supported Resources and Data Sources

| Entity | Resource / Data Source |
| --- | --- |
| Directory Service | centrifyvault_directoryservice |
| Directory Object | centrifyvault_directoryobject |
| Global Group Mapping | centrifyvault_globalgroupmappings |
| Federated Group | centrifyvault_federatedgroup (resource and data source) |
| Centrify Directory User | centrifyvault_user (resource and data source) |
| Centrify Directory User Password | centrifyvault_userpassword |
| Role | centrifyvault_role (resource and data source) |
| Role Membership | centrifyvault_role_membership |
| Authentication Profile | centrifyvault_authenticationprofile (resource and data source) |
| Password Profile | centrifyvault_passwordprofile (resource and data source) |
| Connector | centrifyvault_connector |
| System | centrifyvault_vaultsystem (resource and data source) |
| Database | centrifyvault_vaultdatabase (resource and data source) |
| Domain | centrifyvault_vaultdomain (resource and data source) |
| Domain Configuration | centrifyvault_vaultdomainconfiguration |
| Cloud Provider | centrifyvault_cloudprovider (resource and data source) |
| Account | centrifyvault_vaultaccount (resource and data source) |
| Multiplexed Account | centrifyvault_multiplexedaccount (resource and data source) |
| Secret | centrifyvault_vaultsecret (resource and data source) |
| Secret Folder | centrifyvault_vaultsecretfolder (resource and data source) |
| SSH Key | centrifyvault_sshkey (resource and data source) |
| Windows Service | centrifyvault_service (resource and data source) |
| Generic Web App | centrifyvault_webapp_generic (resource and data source) |
| SAML Web App | centrifyvault_webapp_saml (resource and data source) |
| OAuth Web App | centrifyvault_webapp_oauth (resource and data source) |
| OpenID Connect Web App | centrifyvault_webapp_oidc (resource and data source) |
| Desktop App | centrifyvault_desktopapp (resource and data source) |
| Policy Order | centrifyvault_policyorder |
| Policy | centrifyvault_policy (resource and data source) |
| Global Workflow | centrifyvault_globalworkflow |