This module orders a public certificate in an IBM Secrets Manager secrets group from an existing Secrets Manager instance that has a public certificate engine configured.
The module supports the following secret types:
- Public Certificates ordered from third parties

```hcl
module "public_certificate" {
  source  = "terraform-ibm-modules/secrets-manager-public-cert/ibm"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release

  cert_common_name      = "<common_name_for_domain>"
  cert_description      = "Certificate for example domain"
  cert_name             = "example-public-certificate"
  cert_secrets_group_id = "<secrets_manager_secret_group_id>" # pragma: allowlist secret

  secrets_manager_ca_name           = "My CA Config"
  secrets_manager_dns_provider_name = "My DNS Provider Config"

  secrets_manager_guid   = "<secrets_manager_instance_id>" # pragma: allowlist secret
  secrets_manager_region = "us-south"
}
```

```hcl
##############################################################################
# Example for CA with two DNS domains
##############################################################################

##############################################################################
# Engine CA and first DNS config
##############################################################################
module "secrets_manager_public_cert_engine" {
  source  = "terraform-ibm-modules/secrets-manager-public-cert/ibm"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release

  secrets_manager_guid         = "<secrets_manager_guid>"
  region                       = "us-south"
  internet_services_crn        = ibm_cis.cis_instance.id
  ibmcloud_cis_api_key         = var.ibmcloud_api_key
  dns_config_name              = "DNS Provider Config"
  ca_config_name               = "CA Config"
  acme_letsencrypt_private_key = var.acme_letsencrypt_private_key
}

##############################################################################
# Engine second DNS config
##############################################################################
module "secrets_manager_public_cert_engine_second_dns" {
  source  = "terraform-ibm-modules/secrets-manager-public-cert/ibm"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release

  secrets_manager_guid  = "<secrets_manager_guid>"
  region                = "us-south"
  internet_services_crn = ibm_cis.cis_instance.id
  ibmcloud_cis_api_key  = var.ibmcloud_api_key
  dns_config_name       = "Second DNS Provider Config"
}

##############################################################################
# Certificate in two DNS configuration
##############################################################################
module "secrets_manager_public_certificate" {
  source  = "terraform-ibm-modules/secrets-manager-public-cert/ibm"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release

  cert_common_name      = var.cert_common_name
  cert_description      = "Certificate for ${var.cert_common_name} domain"
  cert_name             = "goldeneye-instance-sm-public-cert"
  cert_secrets_group_id = "<secret_group_id>"

  secrets_manager_ca_name           = "CA Config"
  secrets_manager_dns_provider_name = "Second DNS Provider Config"

  secrets_manager_guid   = "<secrets_manager_guid>"
  secrets_manager_region = "us-south"
}
```

- Account Management
    - Resource Group service
        - Viewer platform access
- IAM Services
    - Secrets Manager service
        - Editor platform access
        - Manager service access
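
One way to grant exactly the access listed above, scoped to a single resource group and a single Secrets Manager instance rather than the whole account. This is an added example, not part of the module; the access group name and both variables are assumptions.

```hcl
# Added example: least-privilege IAM policies for the identity that runs this module.
# The access group name and both variables are hypothetical.

variable "resource_group_id" {
  type        = string
  description = "ID of the resource group that contains the Secrets Manager instance"
}

variable "secrets_manager_guid" {
  type        = string
  description = "GUID of the existing Secrets Manager instance"
}

resource "ibm_iam_access_group" "cert_deployers" {
  name        = "public-cert-deployers"
  description = "Identities allowed to order public certificates with Terraform"
}

# Account Management > Resource Group service > Viewer platform access
resource "ibm_iam_access_group_policy" "resource_group_viewer" {
  access_group_id = ibm_iam_access_group.cert_deployers.id
  roles           = ["Viewer"]

  resources {
    resource_type = "resource-group"
    resource      = var.resource_group_id
  }
}

# IAM Services > Secrets Manager service > Editor platform access and Manager service access
resource "ibm_iam_access_group_policy" "secrets_manager_access" {
  access_group_id = ibm_iam_access_group.cert_deployers.id
  roles           = ["Editor", "Manager"]

  resources {
    service              = "secrets-manager"
    resource_instance_id = var.secrets_manager_guid
  }
}
```
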
Name | Version |
---|---|
terraform | >= 1.3.0 |
ibm | >= 1.62.0, < 2.0.0 |
No modules.
Name | Type |
---|---|
ibm_sm_public_certificate.secrets_manager_public_certificate | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
bundle_certs | Indicates whether the issued certificate is bundled with intermediate certificates. | bool | true | no |
cert_alt_names | Optional, Alternate names for the certificate to be created | list(string) | null | no |
cert_common_name | Fully qualified domain name or host domain name for the certificate to be created | string | n/a | yes |
cert_description | Optional, Extended description of certificate to be created. To protect privacy, do not use personal data, such as name or location, as a description for certificate | string | null | no |
cert_name | The name of the certificate to be created in Secrets Manager | string | n/a | yes |
cert_rotation | Optional, Rotation policy for the certificate to be created | object({ | { | no |
cert_secrets_group_id | Optional, Id of Secrets Manager secret group to store the certificate in | string | "default" | no |
key_algorithm | The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate. | string | "RSA2048" | no |
secrets_manager_ca_name | The name of the Secrets Manager certificate authority | string | n/a | yes |
secrets_manager_dns_provider_name | The name of the Secrets Manager DNS provider | string | n/a | yes |
secrets_manager_guid | Secrets Manager GUID | string | n/a | yes |
secrets_manager_region | Region the Secrets Manager instance is in | string | n/a | yes |
service_endpoints | Service endpoint type to communicate with the provided secrets manager instance. Possible values are public or private | string | "public" | no |
Name | Description |
---|---|
secret_crn | Public certificates secrets manager secret CRN |
secret_id | Public certificates secrets manager secret ID |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.