Vault/OpenBao setup for GatePlane Okta Group Gate Plugin

This Terraform module mounts the Okta Group Gate Plugin under a Vault/OpenBao path.

Name | Version |
---|---|
terraform | >= 1.11.0 |
null | >= 3.2.4 |
vault | >= 4.7.0 |

Name | Version |
---|---|
null | 3.2.4 |
vault | 5.0.0 |

Name | Type |
---|---|
null_resource.reconfigure | resource |
vault_auth_backend.this | resource |
vault_generic_endpoint.plugin_config | resource |
vault_generic_endpoint.plugin_config_okta_api | resource |
vault_policy.gtkpr | resource |
vault_policy.user | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
name | Name of the gate, used in the mount path | any | n/a | yes |
okta_api | The credentials to connect to the Okta API. (Currently only SSWS authentication is supported, with GROUP_MEMBERSHIP_ADMIN) | object({ | n/a | yes |
okta_group_id | The Okta Group where the users will be temporarily added to (e.g. 00g5j4jojlGZMzfhM697). | string | n/a | yes |
okta_mount_accessor | The mount accessor of the Vault/OpenBao Auth Backend that authenticates entities through Okta. (Currently only OIDC Auth Method configured with Okta App is supported) | string | n/a | yes |
description | Brief explanation of what access is claimed by this gate | string | "" | no |
enable_ui | Add capabilities for GatePlane UI to the created policies. | bool | true | no |
endpoint_prefix | n/a | string | "gp" | no |
lease_ttl | The duration that the Okta User will remain in the Okta Group (e.g. 1h). | string | "30m" | no |
okta_entity_key | n/a | string | "user" | no |
path_prefix | Where under auth/ will the endpoint be mounted | string | "gateplane" | no |
plugin_name | n/a | string | "gateplane-okta-group-gate" | no |
plugin_options | Options provided by the plugin, available in plugin documentation. | map | {} | no |
policy_prefix | n/a | string | "gateplane" | no |

Name | Description |
---|---|
mount_path | The Vault/OpenBao path where the plugin has been mounted. |
policy_names | The names of the policies created and referenced in this module. |

This project is licensed under the Elastic License v2.
This means:
- ✅ You can use, fork, and modify it for yourself or within your company.
- ✅ You can submit pull requests and redistribute modified versions (with the license attached).
- ❌ You may not sell it, offer it as a paid product, or use it in a hosted service (e.g., SaaS).
- ❌ You may not re-license it under a different license.
In short: You can use and extend the code freely, privately or inside your business - just don’t build a business around it without our permission. This FAQ by Elastic summarizes things well.
See the ./LICENSES/Elastic-2.0.txt file for full details.