Vault OIDC Authentication
vault_auth_oidc
Allows SSO logins to the Vault instance via OIDC.
To be used with the authentik_vault_sso module.
Providers
The following providers are needed by this module:
- vault (3.25.0)
Required Inputs
The following input variables are required:
client_id
Description: The client id for the OIDC authentication
Type: string
client_secret
Description: The client secret for the OIDC authentication
Type: string
oidc_discovery_url
Description: The discover url for OIDC authentication
Type: string
oidc_issuer
Description: The bound issuer for OIDC authentication
Type: string
oidc_redirect_uris
Description: The allowed redirect URIs for OIDC authentication
Type: list(string)
Optional Inputs
The following input variables are optional (have default values):
admin_groups
Description: Groups that should have read and write access to this Vault
Type: list(string)
Default: []
reader_groups
Description: Groups that should have read-only access to this Vault
Type: list(string)
Default: []
superuser_groups
Description: Groups that should have superuser access to this Vault
Type: list(string)
Default: []
token_lifetime_seconds
Description: Number of seconds before generated tokens expire
Type: number
Default: 28800
Outputs
No outputs.
Usage
No notes