Skip to content
This repository has been archived by the owner on Aug 7, 2023. It is now read-only.
/ terraform-provider-bless Public archive

Terraform provider to automate the creation of BLESS deployments

License

MIT license
12 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

chanzuckerberg/terraform-provider-bless

BranchesTags

Repository files navigation

Terraform-provider-bless

Please note: If you believe you have found a security issue, please responsibly disclose by contacting us at [email protected].

Terraform provider to automate the creation of BLESS deployments.

bless_ca

This provider generates a BLESS CA without leaking any sensitive material to the terraform state store. The private part of the key is encrypted with a password. This password is then encrypted through KMS so that it is compatible with BLESS.

Example usage

provider "bless" {
  region  = "us-east-1"
  profile = "<aws_profile>"
}

resource "bless_ca" "example" {
  kms_key_id = "<kms_key_id>"
}

# The encrypted CA private key
output "encrypted_ca" {
  value = "${bless_ca.example.encrypted_ca}"
}

# The CA public key
output "ca" {
  value = "${bless_ca.example.public_key}"
}

# The KMS encrypted CA password
output "password" {
  value = "${bless_ca.example.encrypted_password}"
}

This module only creates logical resources and therefore only contributes to terraform state. Does not create externally managed resources. In order to generate a new key then, you must taint the resource. Terraform will then generate a new key on the next run.

terraform taint bless.example

About

Terraform provider to automate the creation of BLESS deployments

Topics

lambda

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

12 stars

Watchers

16 watching

Forks

5 forks
Report repository

Releases 17

v0.5.0 Latest
Jan 15, 2021
+ 16 releases

Contributors 7

Languages