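# Identity entity for the admin user. The "admin" policy and the userpass user
# are defined elsewhere (vault_policy.admin, vault_generic_secret.admin_user)
# and must exist first, hence the explicit depends_on.
resource "vault_identity_entity" "admin" {
  name     = "admin"
  policies = ["admin"]

  metadata = {
    email = "admin@example.com"
  }

  depends_on = [
    vault_policy.admin,
    vault_generic_secret.admin_user,
  ]
}

# Link the entity to the userpass auth method.
# NOTE(review): Vault matches the alias by name against the userpass username;
# confirm "admin" here is exactly the username created by
# vault_generic_secret.admin_user, otherwise logins will not resolve to this
# entity (and its "admin" policy).
resource "vault_identity_entity_alias" "admin" {
  name           = "admin"
  mount_accessor = vault_auth_backend.userpass.accessor
  canonical_id   = vault_identity_entity.admin.id
}

# Group holding the admin entity; referenced below as an OIDC assignment target.
resource "vault_identity_group" "admins" {
  name              = "admins"
  member_entity_ids = [vault_identity_entity.admin.id]
}

# OIDC assignment: the entities and groups permitted to authenticate through any
# client that references it. (This is the assignment, not the client itself —
# the client is vault_identity_oidc_client.consul below.)
resource "vault_identity_oidc_assignment" "everyone" {
  name = "everyone"

  entity_ids = [
    vault_identity_entity.admin.id,
  ]

  group_ids = [
    vault_identity_group.admins.id,
  ]
}

# Signing key for ID tokens. verification_ttl is set to twice rotation_period,
# presumably so tokens signed with the previous key stay verifiable across a
# rotation — confirm against the provider's documented semantics.
#
# SECURITY(review): allowed_client_ids = ["*"] lets any OIDC client in this
# namespace obtain tokens signed with this key. Pinning it to the consul
# client's client_id is not possible here without a Terraform dependency cycle
# (the client below references this key), so either restrict it out-of-band or
# accept the wildcard knowingly.
resource "vault_identity_oidc_key" "key" {
  name               = "key"
  algorithm          = "RS256"
  rotation_period    = 3600 # integer seconds (per provider docs — confirm)
  verification_ttl   = 7200 # integer seconds (per provider docs — confirm)
  allowed_client_ids = ["*"]
}

# OIDC client used by Consul.
#
# SECURITY(review): every redirect URI is plain http:// on the loopback address.
# That is only acceptable for a local development setup; any deployment where
# the callback is reachable over a network must use https:// redirect URIs, or
# the authorization code travels in the clear.
resource "vault_identity_oidc_client" "consul" {
  name = "consul"

  redirect_uris = [
    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
    "http://127.0.0.1:8251/callback",
    "http://127.0.0.1:8080/callback",
  ]

  assignments = [vault_identity_oidc_assignment.everyone.name]
  key         = vault_identity_oidc_key.key.name

  id_token_ttl     = 2400 # integer seconds (per provider docs — confirm)
  access_token_ttl = 7200 # integer seconds (per provider docs — confirm)
}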