» vault_identity_oidc_key_allowed_client_id

Allows an Identity OIDC Role to use an OIDC Named key to generate identity tokens.

The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault.

Use this with vault_identity_oidc_key and vault_identity_oidc_role to configure a Role to generate Identity Tokens.

» Example Usage

resource "vault_identity_oidc_key" "key" {
  name      = "key"
  algorithm = "RS256"
}

resource "vault_identity_oidc_role" "role" {
  name = "role"
  key  = vault_identity_oidc_key.key.name
}

resource "vault_identity_oidc_key_allowed_client_id" "role" {
  key_name          = vault_identity_oidc_key.key.name
  allowed_client_id = vault_identity_oidc_role.role.client_id
}
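
The following is an added example, not part of the provider's own documentation. It extends the usage above to several roles sharing one named key, allowing each role's client ID individually instead of opening the key to all roles with the allowed_client_ids wildcard on vault_identity_oidc_key. The names shared, billing and reports are illustrative.

```hcl
# Added example: resource and role names are illustrative.

# Broad alternative, shown for contrast only: the wildcard lets every
# role use this key to sign identity tokens.
#
# resource "vault_identity_oidc_key" "shared" {
#   name               = "shared"
#   algorithm          = "RS256"
#   allowed_client_ids = ["*"]
# }

# Scoped form: the key itself lists no clients.
resource "vault_identity_oidc_key" "shared" {
  name      = "shared"
  algorithm = "RS256"
}

locals {
  # Roles that are meant to issue tokens signed by the shared key.
  token_roles = toset(["billing", "reports"])
}

resource "vault_identity_oidc_role" "svc" {
  for_each = local.token_roles
  name     = each.key
  key      = vault_identity_oidc_key.shared.name
}

# One allow entry per role: only these client IDs may use the key.
# Removing a role from local.token_roles removes its entry as well.
resource "vault_identity_oidc_key_allowed_client_id" "svc" {
  for_each          = local.token_roles
  key_name          = vault_identity_oidc_key.shared.name
  allowed_client_id = vault_identity_oidc_role.svc[each.key].client_id
}
```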

» Argument Reference

The following arguments are supported:

  • key_name - (Required; Forces new resource) Name of the OIDC Key that the Client ID is allowed to use.

  • allowed_client_id - (Required; Forces new resource) Client ID to allow usage with the OIDC named key.