Vault PKI roles have an exclude_cn_from_sans boolean attribute. If the attribute is true the given common_name will not be included in DNS or Email Subject Alternate Names (as appropriate). This is useful if the role is for something that is not a hostname or email address.
Description
Vault PKI roles have an exclude_cn_from_sans boolean attribute. If the attribute is true the given common_name will not be included in DNS or Email Subject Alternate Names (as appropriate). This is useful if the role is for something that is not a hostname or email address.
Affected Resource(s) and/or Data Source(s)
vault_pki_secret_backend_role
Potential Terraform Configuration
References
https://developer.hashicorp.com/vault/api-docs/secret/pki#exclude_cn_from_sans-1
Would you like to implement a fix?
None