You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"label": "[Add-ons Beta] Cloud automation for Secrets Manager",
5
+
"label": "Testing - Cloud automation for Secrets Manager",
6
6
"product_kind": "solution",
7
7
"tags": [
8
8
"ibm_created",
@@ -61,29 +61,18 @@
61
61
"configuration": [
62
62
{
63
63
"key": "ibmcloud_api_key",
64
-
"type": "password",
65
-
"description": "The API Key to use for IBM Cloud.",
66
64
"required": true
67
65
},
68
66
{
69
67
"key": "use_existing_resource_group",
70
-
"type": "boolean",
71
-
"default_value": false,
72
-
"description": "Whether to use an existing resource group.",
73
68
"required": false
74
69
},
75
70
{
76
71
"key": "resource_group_name",
77
-
"type": "string",
78
-
"default_value": "__NULL__",
79
-
"description": "The name of a new or existing resource group to provision resources to. If a prefix input variable is specified, it's added to the value in the `<prefix>-value` format. Optional if `existing_secrets_manager_crn` is not specified.",
80
72
"required": true
81
73
},
82
74
{
83
75
"key": "region",
84
-
"type": "string",
85
-
"default_value": "us-south",
86
-
"description": "The region to provision resources to.",
87
76
"required": true,
88
77
"custom_config": {
89
78
"type": "region",
@@ -96,23 +85,14 @@
96
85
},
97
86
{
98
87
"key": "prefix",
99
-
"type": "string",
100
-
"default_value": "__NULL__",
101
-
"description": "The prefix to apply to all resources created by this solution.",
102
88
"required": false
103
89
},
104
90
{
105
91
"key": "secrets_manager_instance_name",
106
-
"type": "string",
107
-
"default_value": "base-security-services-sm",
108
-
"description": "The name to give the Secrets Manager instance provisioned by this solution. If a prefix input variable is specified, it is added to the value in the `<prefix>-value` format.",
109
92
"required": false
110
93
},
111
94
{
112
95
"key": "service_plan",
113
-
"type": "string",
114
-
"default_value": "standard",
115
-
"description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. Applies only if `provision_sm_instance` is set to `true`.",
116
96
"required": false,
117
97
"options": [
118
98
{
@@ -127,9 +107,6 @@
127
107
},
128
108
{
129
109
"key": "allowed_network",
130
-
"type": "string",
131
-
"default_value": "private-only",
132
-
"description": "The types of service endpoints to set on the Secrets Manager instance. Possible values: `private-only`, `public-and-private`.",
133
110
"required": false,
134
111
"options": [
135
112
{
@@ -144,141 +121,82 @@
144
121
},
145
122
{
146
123
"key": "secret_manager_tags",
147
-
"type": "array",
148
-
"default_value": "[]",
149
-
"description": "The list of resource tags you want to associate with your Secrets Manager instance.",
150
124
"required": false
151
125
},
152
126
{
153
127
"key": "iam_engine_enabled",
154
-
"type": "boolean",
155
-
"default_value": false,
156
-
"description": "Set this to true to to configure a Secrets Manager IAM credentials engine. If set to false, no IAM engine will be configured for your instance.",
157
128
"required": false
158
129
},
159
130
{
160
131
"key": "iam_engine_name",
161
-
"type": "string",
162
-
"default_value": "base-sm-iam-engine",
163
-
"description": "The name of the IAM engine used to configure a Secrets Manager IAM credentials engine. If the prefix input variable is passed it is attached before the value in the format of '<prefix>-value'.",
164
132
"required": false
165
133
},
166
134
{
167
135
"key": "public_engine_enabled",
168
-
"type": "boolean",
169
-
"default_value": false,
170
-
"description": "Set this to true to configure a Secrets Manager public certificate engine for an existing Secrets Manager instance. If set to false, no public certificate engine will be configured for your instance.",
171
136
"required": false
172
137
},
173
138
{
174
139
"key": "public_engine_name",
175
-
"type": "string",
176
-
"default_value": "public-engine-sm",
177
-
"description": "The name of the IAM engine used to configure a Secrets Manager public certificate engine for an existing instance.",
178
140
"required": false
179
141
},
180
142
{
181
143
"key": "cis_id",
182
-
"type": "string",
183
-
"default_value": "__NULL__",
184
-
"description": "Cloud Internet Service ID.",
185
144
"required": false
186
145
},
187
146
{
188
147
"key": "dns_provider_name",
189
-
"type": "string",
190
-
"default_value": "certificate-dns",
191
-
"description": "The name of the DNS provider for the public certificate secrets engine configuration.",
192
148
"required": false
193
149
},
194
150
{
195
151
"key": "ca_name",
196
-
"type": "string",
197
-
"default_value": "cert-auth",
198
-
"description": "The name of the certificate authority for Secrets Manager.",
199
152
"required": false
200
153
},
201
154
{
202
155
"key": "acme_letsencrypt_private_key",
203
-
"type": "password",
204
-
"description": "The private key generated by the ACME account creation tool.",
205
156
"required": false
206
157
},
207
158
{
208
159
"key": "private_engine_enabled",
209
-
"type": "boolean",
210
-
"default_value": false,
211
-
"description": "Set this to true to configure a Secrets Manager private certificate engine for an existing instance. If set to false, no private certificate engine will be configured for your instance.",
212
160
"required": false
213
161
},
214
162
{
215
163
"key": "private_engine_name",
216
-
"type": "string",
217
-
"default_value": "private-engine-sm",
218
-
"description": "The name of the IAM Engine used to configure a Secrets Manager private certificate engine for an existing instance.",
219
164
"required": false
220
165
},
221
166
{
222
167
"key": "root_ca_name",
223
-
"type": "string",
224
-
"default_value": "root-ca",
225
-
"description": "The name of the root certificate authority associated with the private_cert secret engine.",
226
168
"required": false
227
169
},
228
170
{
229
171
"key": "root_ca_common_name",
230
-
"type": "string",
231
-
"default_value": "terraform-modules.ibm.com",
232
-
"description": "The fully qualified domain name or host domain name for the certificate that will be created.",
233
172
"required": false
234
173
},
235
174
{
236
175
"key": "root_ca_max_ttl",
237
-
"type": "string",
238
-
"default_value": "87600h",
239
-
"description": "The maximum time-to-live value for the root certificate authority.",
240
176
"required": false
241
177
},
242
178
{
243
179
"key": "intermediate_ca_name",
244
-
"type": "string",
245
-
"default_value": "intermediate-ca",
246
-
"description": "A human-readable unique name to assign to the intermediate certificate authority configuration.",
247
180
"required": false
248
181
},
249
182
{
250
183
"key": "certificate_template_name",
251
-
"type": "string",
252
-
"default_value": "default-cert-template",
253
-
"description": "The name of the certificate template.",
254
184
"required": false
255
185
},
256
186
{
257
187
"key": "skip_kms_iam_authorization_policy",
258
-
"type": "boolean",
259
-
"default_value": false,
260
-
"description": "Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the `existing_kms_instance_crn` variable. If a value is specified for `ibmcloud_kms_api_key`, the policy is created in the KMS account.",
261
188
"required": false
262
189
},
263
190
{
264
191
"key": "existing_secrets_manager_kms_key_crn",
265
-
"type": "string",
266
-
"default_value": "__NULL__",
267
-
"description": "The CRN of a Key Protect or Hyper Protect Crypto Services key to use for Secrets Manager. If not specified, a key ring and key are created.",
268
192
"required": false
269
193
},
270
194
{
271
195
"key": "existing_kms_instance_crn",
272
-
"type": "string",
273
-
"default_value": "__NULL__",
274
-
"description": "The CRN of the KMS instance (Hyper Protect Crypto Services or Key Protect). Required only if `existing_secrets_manager_crn` or `existing_secrets_manager_kms_key_crn` is not specified. If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`.",
275
196
"required": false
276
197
},
277
198
{
278
199
"key": "kms_endpoint_type",
279
-
"type": "string",
280
-
"default_value": "private",
281
-
"description": "The type of endpoint to use for communicating with the Key Protect or Hyper Protect Crypto Services instance. Possible values: `public`, `private`. Applies only if `existing_secrets_manager_kms_key_crn` is not specified.",
282
200
"required": false,
283
201
"options": [
284
202
{
@@ -293,78 +211,46 @@
293
211
},
294
212
{
295
213
"key": "kms_key_ring_name",
296
-
"type": "string",
297
-
"default_value": "sm-cos-key-ring",
298
-
"description": "The name for the new key ring to store the key. Applies only if `existing_secrets_manager_kms_key_crn` is not specified. If a prefix input variable is passed, it is added to the value in the `<prefix>-value` format. .",
299
214
"required": false
300
215
},
301
216
{
302
217
"key": "kms_key_name",
303
-
"type": "string",
304
-
"default_value": "sm-cos-key",
305
-
"description": "The name for the new root key. Applies only if `existing_secrets_manager_kms_key_crn` is not specified. If a prefix input variable is passed, it is added to the value in the `<prefix>-value` format.",
"description": "If set to true, this skips the creation of a service to service authorization from Secrets Manager to Event Notifications. If false, the service to service authorization is created.",
320
226
"required": false
321
227
},
322
228
{
323
229
"key": "enable_event_notification",
324
-
"type": "boolean",
325
-
"default_value": false,
326
-
"description": "Set this to true to enable lifecycle notifications for your Secrets Manager instance by connecting an Event Notifications service. When setting this to true, a value must be passed for `existing_en_instance_crn` and `existing_sm_instance_crn` must be null.",
327
230
"required": false
328
231
},
329
232
{
330
233
"key": "existing_secrets_endpoint_type",
331
-
"type": "string",
332
-
"default_value": "private",
333
-
"description": "The endpoint type to use if existing_secrets_manager_crn is specified. Possible values: public, private.",
334
234
"required": false
335
235
},
336
236
{
337
237
"key": "existing_secrets_manager_crn",
338
-
"type": "string",
339
-
"default_value": "__NULL__",
340
-
"description": "The CRN of an existing Secrets Manager instance. If not supplied, a new instance is created.",
341
238
"required": false
342
239
},
343
240
{
344
241
"key": "ibmcloud_kms_api_key",
345
-
"type": "password",
346
-
"description": "The IBM Cloud API key that can create a root key and key ring in the key management service (KMS) instance. If not specified, the 'ibmcloud_api_key' variable is used. Specify this key if the instance in `existing_kms_instance_crn` is in an account that's different from the Secrets Manager instance. Leave this input empty if the same account owns both instances.",
347
242
"required": false
348
243
},
349
244
{
350
245
"key": "sm_en_email_list",
351
-
"type": "array",
352
-
"default_value": "[]",
353
-
"description": "The list of email address to target out when Secrets Manager triggers an event",
0 commit comments