DigiCert Terraform Provider sample configuration

You can use the DigiCert Terraform Provider plugin to manage certificates from your DigiCert ONE platform. This plugin acts as a bridge between Terraform and DigiCert ONE APIs, ensuring seamless certificate management.

Before you begin

To use this plugin when running a Terraform plan, you must configure the plugin with an API key and host URL.
Ensure that you have created a certificate profile for REST API.
참고
At the user binding step, we recommend that you use a Service User. If you do not select a user, then any API KEY can be used to authenticate against this certificate profile.
Use the digicert_certificate core resource to define common_name, dns_names, csr, and other certificate parameters.

After you configure these parameters, the plugin ensures secure communication, provisioning certificates, and tracking certificates. For more information on DigiCert Terraform Provider integration, and details on various certificate management commands, see the HashiCorp Terraform Registry.

Configuration

You must build your main.tf file to configure the Terraform provider, generate a private key, and define the certificate output. Use the variables.tf file to declare the variables for the configuration.

예 1. Configuration (main.tf)

terraform {
  required_providers {
    digicert = {
      source  = "digicert/digicert"
      version = "~> 0.1"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "~> 4.0"
    }
    local = {
      source  = "hashicorp/local"
      version = "~> 2.0"
    }
  }
}

# Configure DigiCert provider
provider "digicert" {
  api_key = var.digicert_api_key
  url     = var.digicert_url
}

# Generate private key
resource "tls_private_key" "server_key" {
  algorithm = var.private_key_algorithm
  rsa_bits  = var.private_key_rsa_bits
}

# Generate CSR
resource "tls_cert_request" "server_csr" {
  private_key_pem = tls_private_key.server_key.private_key_pem

  subject {
    common_name  = var.common_name
    organization = var.organization
    country      = var.country
  }

  dns_names = var.dns_names
}

# Request certificate from DigiCert
resource "digicert_certificate" "server_cert" {
  profile_id  = var.digicert_profile_id
  common_name = var.common_name
  csr         = tls_cert_request.server_csr.cert_request_pem
}

# Save files locally
resource "local_file" "private_key" {
  content         = tls_private_key.server_key.private_key_pem
  filename        = var.private_key_filename
  file_permission = var.private_key_file_permission
}

resource "local_file" "certificate" {
  content         = digicert_certificate.server_cert.certificate
  filename        = var.certificate_filename
  file_permission = var.certificate_file_permission
}

# Outputs
output "certificate_serial_number" {
  value = digicert_certificate.server_cert.serial_number
}

output "files_created" {
  value = {
    private_key = var.private_key_filename
    certificate = var.certificate_filename
  }
}

예 2. Variables (variables.tf)

variable "digicert_api_key" {
  description = "DigiCert API key for authentication"
  type        = string
  sensitive   = true
}

variable "digicert_url" {
  description = "DigiCert API URL"
  type        = string
}

variable "digicert_profile_id" {
  description = "DigiCert profile ID for certificate requests"
  type        = string
}

variable "common_name" {
  description = "Common name for the certificate"
  type        = string
}

variable "organization" {
  description = "Organization name for the certificate"
  type        = string
}

variable "country" {
  description = "Country code for the certificate"
  type        = string
}

variable "dns_names" {
  description = "List of DNS names for the certificate"
  type        = list(string)
}

variable "private_key_algorithm" {
  description = "Algorithm for private key generation"
  type        = string
}

variable "private_key_rsa_bits" {
  description = "Number of bits for RSA private key"
  type        = number
}

variable "private_key_filename" {
  description = "Filename for the private key file"
  type        = string
}

variable "certificate_filename" {
  description = "Filename for the certificate file"
  type        = string
}

variable "private_key_file_permission" {
  description = "File permissions for the private key file"
  type        = string
}

variable "certificate_file_permission" {
  description = "File permissions for the certificate file"
  type        = string
}

Sample configuration snippet

Sample snippet (`terraform.tfvars`)

The terraform.tfvars file contains actual values for the variables declared in the variables.tf file.

# DigiCert Configuration
digicert_api_key = "01gdthbbejkejlk2944kjfkjdvvcbcbmcmm2"
digicert_url     = "https://one.digicert.com"
digicert_profile_id = "fjhrh-djfh-sjshjhs"

# Certificate Details
common_name  = "name.io"
organization = "Your Organization"
country      = "Name of country"
dns_names    = [
  "sample.io",
  "www.sample.io"
]

# Private Key Configuration
private_key_algorithm = "RSA"
private_key_rsa_bits  = 2048

# Output Files
private_key_filename = "sample.io.key"
certificate_filename = "sample.io.crt"
private_key_file_permission = "0600"
certificate_file_permission = "0644"

이 섹션의 내용:

DigiCert Terraform Provider sample configuration

Before you begin

참고

Configuration

Sample configuration snippet

Sample snippet (terraform.tfvars)

검색 결과

Sample snippet (`terraform.tfvars`)