stackit-dev-tools/terraform-provider-stackitprivatepreview
2
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
terraform-provider-stackitp.../docs/resources/service_account_access_token.md
Mauritz Uphoff d443b5416d
Feat: implement sa tokens (#712) 
* feat: implement sa access token resource
2025-03-21 09:29:56 +01:00

3.2 KiB
Raw Blame History

page_title subcategory description
stackit_service_account_access_token Resource - stackit Service account access token schema. ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources. Example Usage Automatically rotate access tokens resource "stackit_service_account" "sa" { project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" name = "sa01" } resource "time_rotating" "rotate" { rotation_days = 80 } resource "stackit_service_account_access_token" "sa_token" { project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" service_account_email = stackit_service_account.sa.email ttl_days = 180 rotate_when_changed = { rotation = time_rotating.rotate.id } }

stackit_service_account_access_token (Resource)

Service account access token schema.

~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide for how to opt-in to use beta resources.

Example Usage

Automatically rotate access tokens

resource "stackit_service_account" "sa" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name       = "sa01"
}

resource "time_rotating" "rotate" {
  rotation_days = 80
}

resource "stackit_service_account_access_token" "sa_token" {
  project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  service_account_email = stackit_service_account.sa.email
  ttl_days              = 180

  rotate_when_changed = {
    rotation = time_rotating.rotate.id
  }
}

Schema

Required

  • project_id (String) STACKIT project ID associated with the service account token.
  • service_account_email (String) Email address linked to the service account.

Optional

  • rotate_when_changed (Map of String) A map of arbitrary key/value pairs that will force recreation of the token when they change, enabling token rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
  • ttl_days (Number) Specifies the token's validity duration in days. If unspecified, defaults to 90 days.

Read-Only

  • access_token_id (String) Identifier for the access token linked to the service account.
  • active (Boolean) Indicate whether the token is currently active or inactive
  • created_at (String) Timestamp indicating when the access token was created.
  • id (String) Terraform's internal resource identifier. It is structured as "project_id,service_account_email,access_token_id".
  • token (String, Sensitive) JWT access token for API authentication. Prefixed by 'Bearer' and should be stored securely as it is irretrievable once lost.
  • valid_until (String) Estimated expiration timestamp of the access token. For precise validity, check the JWT details.