How-To: Manage EZCA Resources with the Keytos Terraform Provider
Learn how to manage your EZCA resources using the Keytos Terraform Provider. This guide walks you through using the provider to manage your EZCA resources effectively.
Introduction to the Keytos Terraform Provider
The Keytos Terraform Provider is a tool that allows you to manage your EZCA resources and other Keytos resources using Terraform. It provides a way to define your infrastructure as code and manage it in a consistent and repeatable way.
🌐 Keytos Terraform Provider
Resource Types Available in the Keytos Terraform Provider
The Keytos Terraform Provider supports the following resource types for managing your EZCA resources:
Leaf Certificates
Leaf certificates are the end-entity certificates that are issued to your users, devices, or applications. The Keytos Terraform Provider allows you to create and manage leaf certificates using your EZCA certificate authorities and templates. Learn more in the EZCA Terraform Provider documentation.
Example Usage of the Keytos Terraform Provider
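# This example showcases how a certificate can be created using
# the hashicorp tls provider
# https://registry.terraform.io/providers/hashicorp/tls/latest
#
# Make sure to go over the detailed documentation and descriptions
# for each data source and resource to understand its parameters
# and intended behavior.
#
# Declare the keytos provider in a required_providers block, using the
# source address shown on the provider's registry page.

# Input variables referenced below.
variable "ezca_url" {
  type = string
}

variable "authority_id" {
  type = string
}

variable "template_id" {
  type = string
}

provider "tls" {
}

provider "keytos" {
  ezca_url = var.ezca_url
}

# Look up the EZCA certificate authority and template that will issue the certificate.
data "keytos_ezca_ssl_authority" "example" {
  authority_id = var.authority_id
  template_id  = var.template_id
}

# Generate the key pair locally. The hashicorp/tls provider stores this
# private key unencrypted in Terraform state, so protect the state backend.
resource "tls_private_key" "example" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Build the certificate signing request (CSR) from the generated key.
resource "tls_cert_request" "example" {
  private_key_pem = tls_private_key.example.private_key_pem

  subject {
    common_name  = "example.com"
    organization = "Example Inc"
  }
}

# Submit the CSR to EZCA and request a leaf certificate valid for 72 hours.
resource "keytos_ezca_ssl_leaf_cert" "example" {
  authority_id     = data.keytos_ezca_ssl_authority.example.authority_id
  template_id      = data.keytos_ezca_ssl_authority.example.template_id
  cert_request_pem = tls_cert_request.example.cert_request_pem
  validity_period  = "72h"

  additional_subject_alternative_names = {
    dns_names = ["example.com"]
  }
}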
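
Because the configuration above generates the key with tls_private_key, the private key ends up in Terraform state in plain text. The following added example (not part of the Keytos documentation or provider) scans a state file for PEM private key material so you can see which resources put keys into state. The sample state is constructed, assumes the version 4 state layout, and uses placeholder key bodies.

```python
import json
import re

# Matches PKCS#1, PKCS#8, EC and OpenSSH PEM private key headers.
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

# Constructed sample: trimmed state (assumed version 4 layout) for the
# configuration above. Key bodies are placeholders, not real key material.
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "tls_private_key", "name": "example",
     "instances": [{"attributes": {
         "algorithm": "RSA",
         "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n",
         "private_key_pem_pkcs8": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n",
     }}]},
    {"mode": "managed", "type": "tls_cert_request", "name": "example",
     "instances": [{"attributes": {
         "cert_request_pem": "-----BEGIN CERTIFICATE REQUEST-----\nPLACEHOLDER\n",
     }}]},
    {"mode": "data", "type": "keytos_ezca_ssl_authority", "name": "example",
     "instances": [{"attributes": {"authority_id": "placeholder-id"}}]},
]})

def _strings(value, path=""):
    """Yield (attribute_path, text) for every string nested in a JSON value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from _strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from _strings(item, f"{path}[{index}]")

def find_private_keys(state_json):
    """Return sorted 'resource address: attribute' entries holding key PEM."""
    findings = []
    for res in json.loads(state_json).get("resources", []):
        prefix = "data." if res.get("mode") == "data" else ""
        for inst in res.get("instances", []):
            for path, text in _strings(inst.get("attributes") or {}):
                if PEM_PRIVATE_KEY.search(text):
                    findings.append(f"{prefix}{res['type']}.{res['name']}: {path}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_private_keys(SAMPLE_STATE):
        print("private key material in state:", finding)
```

Any finding means the state file is as sensitive as the key itself, so it belongs in an encrypted, access-controlled backend.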