Inputs

The following input variables are supported:

allowed_groups

Description: Only members of these groups can access AWS

Type: set(string)

Default: []

authentik_domain

Description: The domain name of the authentik instance

Type: string

Default: n/a

authentik_namespace

Description: The kubernetes namespace where Authentik is deployed

Type: string

Default: n/a

media_configmap

Description: The configmap holding the static media that Authentik will use

Type: string

Default: n/a

organization_name

Description: The name of your organization

Type: string

Default: n/a

ui_description

Description: The description to display in the Authentik web dashboard

Type: string

Default: "A Hashicorp Vault cluster"

ui_group

Description: The section in the Authentik web dashboard that this will appear in

Type: string

Default: "Vault"

vault_domain

Description: The domain name of the Vault instance

Type: string

Default: n/a

vault_name

Description: The name of the vault instance. Must be unique in the Authentik system.

Type: string

Default: n/a

Outputs

The following outputs are exported:

client_id

Description: The client ID to provide to the auth/oidc auth method in Vault

client_secret

Description: The client secret to provide the auth/oidc auth method in Vault

oidc_discovery_url

Description: The OIDC discovery url to use for the auth/oidc auth method in Vault

oidc_issuer

Description: The issuer to use for the auth/oidc auth method in Vault

oidc_redirect_uris

Description: The redirect URIs to use for the auth/oidc auth method in Vault

oidc_redirect_uris_including_regexes

Description: All redirect URIs including regex patterns, suitable for OIDC providers that support regex matching

Providers

The following providers are needed by this module:

• authentik (2024.10.2)

• kubectl (2.1.6)

• kubernetes (2.35.0)

• pf (0.0.7)

• random (3.8.1)

• tls (4.2.1)