/*
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# GCP project that receives the IAM bindings for the service account.
# Required: no default is set, so the caller must name the project explicitly.
variable "project_id" {
  description = "The project ID to add the IAM bindings for the service account to"
}
# Name of the GCS bucket that backs Vault's storage. Required (no default).
# NOTE(review): the bucket's IAM policy and encryption settings are not defined
# in this file; confirm in the resource definitions that access is limited to
# the identities that need it.
variable "storage_bucket" {
  description = "Name of the GCS bucket for the Vault backend storage"
}
# VPC network the deployment is attached to; falls back to "default".
# NOTE(review): a project's auto-created "default" network usually carries
# broad pre-populated firewall rules; consider passing a dedicated network
# for a secrets service and verify which rules apply to the instance.
variable "network" {
  description = "The network to deploy to"
  default     = "default"
}
# Subnetwork the deployment is attached to; falls back to "default".
# NOTE(review): should be a subnetwork of the network passed in `network`;
# nothing in this file enforces that pairing.
variable "subnetwork" {
  description = "The subnetwork to deploy to"
  default     = "default"
}
# Region in which the instance is created. Required (no default).
variable "region" {
  description = "The region to create the instance in."
}
# Zone in which the instance is created. Required (no default).
# NOTE(review): presumably must belong to the region given in `region`;
# this file does not check that.
variable "zone" {
  description = "The zone to create the instance in."
}
# Compute machine type for the Vault instance; defaults to n1-standard-1.
variable "machine_type" {
  description = "The machine type for the instance"
  default     = "n1-standard-1"
}
# Vault release that gets installed; the module pins 0.11.3 unless overridden.
# NOTE(review): 0.11.3 is an old release. Before deploying, check the vendor's
# security advisories and override this with a currently supported version.
# How the downloaded artifact is verified is not visible in this file.
variable "vault_version" {
  description = "The version of vault to install."
  default     = "0.11.3"
}
# Extra command-line arguments handed to `vault server`; empty by default.
# NOTE(review): how this string is spliced into the server command line is not
# visible in this file. Treat it as trusted-operator input only, and avoid
# placing secrets in it: command lines are commonly visible in process listings
# and the value will also be stored in Terraform state.
variable "vault_args" {
  description = "Additional command line arguments passed to vault server"
  default     = ""
}
# Controls whether `terraform destroy` may force-delete the backend bucket.
# Defaults to false. Setting it to true allows a destroy to remove the bucket
# that holds Vault's backend storage, so enable it only for disposable
# environments or after confirming backups exist.
variable "force_destroy_bucket" {
  description = "Set to true to force deletion of backend bucket on terraform destroy"
  default     = false
}
# Cloud KMS KeyRing used for asset encryption. Required (no default).
# NOTE(review): IAM on the key ring is not defined in this file; confirm that
# only the identities that must encrypt/decrypt the assets are granted access.
variable "kms_keyring_name" {
  description = "The name of the Cloud KMS KeyRing for asset encryption"
}
# Cloud KMS key used to encrypt and decrypt assets; defaults to "vault-init".
# NOTE(review): rotation settings for this key are not visible in this file.
variable "kms_key_name" {
  description = "The name of the Cloud KMS Key used for asset encryption/decryption"
  default     = "vault-init"
}
# Subject fields for the root CA certificate, passed as a map.
# The defaults are placeholder "Example" values; override them so the CA
# that signs the Vault server certificate is identifiable as your own.
variable "tls_ca_subject" {
  description = "The `subject` block for the root CA certificate."
  type        = "map"

  default = {
    common_name         = "Example Inc. Root"
    organization        = "Example, Inc"
    organizational_unit = "Department of Certificate Authority"
    street_address      = ["123 Example Street"]
    locality            = "The Intranet"
    province            = "CA"
    country             = "US"
    postal_code         = "95559-1227"
  }
}
# DNS names placed on the Vault server's self-signed certificate.
# The default is a placeholder; list every hostname clients will use, since a
# client that verifies the certificate will reject names that are not present.
variable "tls_dns_names" {
  description = "List of DNS names added to the Vault server self-signed certificate"
  type        = "list"
  default     = ["vault.example.net"]
}
# IP addresses placed on the Vault server's self-signed certificate.
# Only loopback is listed by default, so clients that reach the server by any
# other IP need that address added here; otherwise certificate verification
# fails, which tends to push users toward disabling verification.
variable "tls_ips" {
  description = "List of IP addresses added to the Vault server self-signed certificate"
  type        = "list"
  default     = ["127.0.0.1"]
}
# Common Name used on the TLS certificates; the default is a placeholder host.
variable "tls_cn" {
  description = "The TLS Common Name for the TLS certificates"
  default     = "vault.example.net"
}
# Organizational Unit written into the TLS certificate subject.
variable "tls_ou" {
  description = "The TLS Organizational Unit for the TLS certificate"
  default     = "IT Security Operations"
}
# GPG fingerprints (one string, space separated) that the key shards are
# encrypted for. Required (no default).
# NOTE(review): how the matching public keys are obtained is not visible in
# this file. Supply full-length fingerprints verified out of band, and give
# each shard holder a distinct key so no single person can meet the threshold.
variable "vault_keyshare_gpg_keys" {
  description = "Space-separate list of gpg fingerprints for which to encrypt shards"
}
# Number of key shares needed to unseal. Required (no default).
# Per the description it should not exceed the total number of keys; nothing
# in this file validates that, so check it against the count of fingerprints
# passed in `vault_keyshare_gpg_keys`. A threshold of 1 lets any single shard
# holder unseal alone.
variable "vault_keyshare_threshold" {
  description = "How many keys are required for unseal (should be lte than total keys)"
}
# GPG key the initial root token is encrypted with. Required (no default).
# Whoever holds the matching private key can recover the initial root token,
# so choose a key with tightly controlled custody.
# NOTE(review): revoking the initial root token after setup is an operational
# step outside this file; confirm it is part of the runbook.
variable "vault_root_token_gpg_key" {
  description = "GPG key to encrypt initial root token with"
}