description="The name of a new or an existing resource group in which to provision Secrets Manager resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. Optional if existing_secrets_manager_crn is not set."
19
+
description="The name of a new or existing resource group to provision resources to. If a prefix input variable is specified, it's added to the value in the `<prefix>-value` format. Optional if `existing_secrets_manager_crn` is not specified."
20
20
default=null
21
21
}
22
22
23
23
variable"region" {
24
24
type=string
25
-
description="The region in which to provision Secrets Manager resources."
25
+
description="The region to provision resources to."
26
26
default="us-south"
27
27
}
28
28
29
29
variable"prefix" {
30
30
type=string
31
-
description="(Optional) Prefix to append to all resources created by this solution."
31
+
description="The prefix to apply to all resources created by this solution."
32
32
default=null
33
33
}
34
34
@@ -38,80 +38,80 @@ variable "prefix" {
38
38
39
39
variable"secrets_manager_instance_name" {
40
40
type=string
41
-
description="The name to give the Secrets Manager instance that will be provisioned by this solution. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'"
41
+
description="The name to give the Secrets Manager instance provisioned by this solution. If a prefix input variable is specified, it is added to the value in the `<prefix>-value` format."
42
42
default="base-security-services-sm"
43
43
}
44
44
45
45
variable"existing_secrets_manager_crn" {
46
46
type=string
47
-
description="The CRN of an existing Secrets Manager instance. If not supplied, a new Secrets Manager instance will be created."
47
+
description="The CRN of an existing Secrets Manager instance. If not supplied, a new instance is created."
48
48
default=null
49
49
}
50
50
51
51
variable"existing_secrets_endpoint_type" {
52
52
type=string
53
-
description="The endpoint type to use if passing a value for `existing_secrets_manager_crn`."
53
+
description="The endpoint type to use if existing_secrets_manager_crn is specified. Possible values: public, private."
error_message="Allowed values for 'existing_secrets_endpoint_type' are \"public\" and \"private\"."
57
+
error_message="Only \"public\" and \"private\" are allowed values for 'existing_secrets_endpoint_type'."
58
58
}
59
59
}
60
60
61
61
variable"service_plan" {
62
62
type=string
63
-
description="The service/pricing plan to use when provisioning a new Secrets Manager instance. Allowed values: 'standard' and 'trial'. Only used if `provision_sm_instance` is set to true."
63
+
description="The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. Applies only if `provision_sm_instance` is set to `true`."
error_message="The specified allowed_network is not a valid selection!"
77
+
error_message="The specified allowed_network is not a valid selection."
78
78
}
79
79
}
80
80
81
81
variable"secret_manager_tags" {
82
82
type=list(any)
83
-
description="The list of resource tags that you want to associate with your Secrets Manager instance."
83
+
description="The list of resource tags you want to associate with your Secrets Manager instance."
84
84
default=[]
85
85
}
86
86
87
87
variable"public_engine_enabled" {
88
88
type=bool
89
-
description="Set this to true to to configure an IBM Secrets Manager public certificate engine for an existing IBM Secrets Manager instance. If set to false, no public certificate engine will be configured for your secrets manager instance. For more details, see https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates."
89
+
description="Set this to true to configure a Secrets Manager public certificate engine for an existing Secrets Manager instance. If set to false, no public certificate engine will be configured for your instance."
90
90
default=false
91
91
}
92
92
93
93
# Public cert engine config
94
94
variable"public_engine_name" {
95
95
type=string
96
-
description="The name of the IAM Engine used to configure an IBM Secrets Manager public certificate engine for an existing IBM Secrets Manager instance."
96
+
description="The name of the IAM engine used to configure a Secrets Manager public certificate engine for an existing instance."
97
97
default="public-engine-sm"
98
98
}
99
99
100
100
variable"cis_id" {
101
101
type=string
102
-
description="Cloud Internet Service ID"
102
+
description="Cloud Internet Service ID."
103
103
default=null
104
104
}
105
105
106
106
variable"dns_provider_name" {
107
107
type=string
108
-
description="Name of the DNS provider for the public_cert secrets engine"
108
+
description="The name of the DNS provider for the public certificate secrets engine configuration."
description="Set this to true to to configure an IBM Secrets Manager private certificate engine for an existing IBM Secrets Manager instance. If set to false, no private certificate engine will be configured for your secrets manager instance. For more details, see https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-create-certificates#:~:text=In%20Secrets%20Manager%2C%20the%20private,and%20manage%20in%20the%20service."
128
+
description="Set this to true to configure a Secrets Manager private certificate engine for an existing instance. If set to false, no private certificate engine will be configured for your instance."
129
129
default=false
130
130
}
131
131
132
132
variable"private_engine_name" {
133
133
type=string
134
-
description="The name of the IAM Engine used to configure an IBM Secrets Manager private certificate engine for an existing IBM Secrets Manager instance."
134
+
description="The name of the IAM Engine used to configure a Secrets Manager private certificate engine for an existing instance."
135
135
default="private-engine-sm"
136
136
}
137
137
138
138
variable"root_ca_name" {
139
139
type=string
140
-
description="Name of the Root CA to create for a private_cert secret engine"
140
+
description="The name of the root certificate authority associated with the private_cert secret engine."
141
141
default="root-ca"
142
142
}
143
143
144
144
variable"root_ca_common_name" {
145
145
type=string
146
-
description="Fully qualified domain name or host domain name for the certificate to be created"
146
+
description="The fully qualified domain name or host domain name for the certificate that will be created."
147
147
default="terraform-modules.ibm.com"
148
148
}
149
149
150
150
variable"root_ca_max_ttl" {
151
151
type=string
152
-
description="Maximum TTL value for the root CA"
152
+
description="The maximum time-to-live value for the root certificate authority."
153
153
default="87600h"
154
154
}
155
155
156
156
variable"intermediate_ca_name" {
157
157
type=string
158
-
description="A human-readable unique name to assign to the intermediate CA configuration."
158
+
description="A human-readable unique name to assign to the intermediate certificate authority configuration."
description="Set this to true to to configure an IBM Secrets Manager IAM credentials engine. If set to false, no iam engine will be configured for your secrets manager instance. For more details, see https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-configure-iam-engine."
170
+
description="Set this to true to to configure a Secrets Manager IAM credentials engine. If set to false, no IAM engine will be configured for your instance."
171
171
default=false
172
172
}
173
173
174
174
variable"iam_engine_name" {
175
175
type=string
176
-
description="The name of the IAM Engine used to configure an IBM Secrets Manager IAM credentials engine. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'"
176
+
description="The name of the IAM engine used to configure a Secrets Manager IAM credentials engine. If the prefix input variable is passed it is attached before the value in the format of '<prefix>-value'."
description="Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_crn variable."
186
+
description="Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances in the resource group to read the encryption key. If set to false, pass in a value for the Key Protect or Hyper Protect Crypto Service instance in the existing_kms_instance_crn variable."
187
187
default=false
188
188
}
189
189
190
190
variable"existing_secrets_manager_kms_key_crn" {
191
191
type=string
192
-
description="The CRN of an existing KMS key to use for Secrets Manager. If not supplied, a new key ring and key will be created."
192
+
description="The CRN of a Key Protect or Hyper Protect Crypto Services key to use for Secrets Manager. If not specified, a key ring and key are created."
description="The CRN of the existed Hyper Protect Crypto Services or Key Protect instance. Only required if not supplying an existing KMS key to use for Secrets Manager."
203
+
description="The CRN of the Hyper Protect Crypto Services or Key Protect instance. Applies only if `existing_secrets_manager_kms_key_crn` is not specified."
204
204
}
205
205
206
206
variable"kms_endpoint_type" {
207
207
type=string
208
-
description="The type of endpoint to be used for communicating with the KMS instance. Allowed values are: 'public' or 'private' (default). Only required if not supplying an existing KMS root key CRN."
208
+
description="The type of endpoint to use for communicating with the Key Protect or Hyper Protect Crypto Services instance. Possible values: `public`, `private`. Applies only if `existing_secrets_manager_kms_key_crn` is not specified."
description="The name to give to the new KMS key ring that will be used to store the KMS key to enable advanced, customer-managed encryption for your Secrets Manager secrets. Only required if not supplying an existing KMS root key CRN. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'"
219
+
description="The name for the new key ring to store the key. Applies only if `existing_secrets_manager_kms_key_crn` is not specified. If a prefix input variable is passed, it is added to the value in the `<prefix>-value` format. ."
220
220
}
221
221
222
222
variable"kms_key_name" {
223
223
type=string
224
224
default="sm-cos-key"
225
-
description="The name to give to the new KMS root key that will be used to enable advanced, customer-managed encryption for your Secrets Manager secrets. Only required if not supplying an existing KMS root key CRN. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'"
225
+
description="The name for the new root key. Applies only if `existing_secrets_manager_kms_key_crn` is not specified. If a prefix input variable is passed, it is added to the value in the `<prefix>-value` format."
description="Set to true to skip the creation of an IAM authorization policy that permits all Secrets Manager instances (scoped to the resource group) an 'Event Source Manager' role to the given Event Notifications instance passed in the `existing_event_notification_instance_crn` input variable."
240
+
description="If set to true, this skips the creation of a service to service authorization from Secrets Manager to Event Notifications. If false, the service to service authorization is created."