Overview

The Sectigo Terraform integration provides a seamless solution for the enrollment, collection, renewal, replacement, and revocation of SSL/TLS and client (S/MIME) certificates issued by the Sectigo Certificate Manager (SCM). This integration is distributed as a Terraform provider. It provides the following features:

  • RSA 2048, 3072, and 4096-bit private key generation

  • ECDSA P-256, P-384, and P-521 curve private key generation

  • Certificate Signing Request (CSR) generation

  • Enrollment, collection, revocation, renewal, and replacement of certificates issued by SCM
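
The following Go example is added here and is not Sectigo's provider code. It generates a private key of one of the listed types, builds a CSR from it, and verifies the CSR's self-signature, the local steps that precede enrollment. The key-type labels, function names, and example.com hostnames are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// newKey generates a key; the keyType labels are assumptions of this example.
func newKey(keyType string) (crypto.Signer, error) {
	rsaBits := map[string]int{"rsa2048": 2048, "rsa3072": 3072, "rsa4096": 4096}
	curves := map[string]elliptic.Curve{"p256": elliptic.P256(), "p384": elliptic.P384(), "p521": elliptic.P521()}
	if bits, ok := rsaBits[keyType]; ok {
		return rsa.GenerateKey(rand.Reader, bits)
	}
	if curve, ok := curves[keyType]; ok {
		return ecdsa.GenerateKey(curve, rand.Reader)
	}
	return nil, fmt.Errorf("unsupported key type %q", keyType)
}

// buildCSR returns a DER-encoded PKCS#10 request; the private key stays local.
func buildCSR(key crypto.Signer, cn string, sans []string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: sans}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// checkCSR parses a request and verifies its self-signature (proof of possession).
func checkCSR(der []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	return csr, csr.CheckSignature()
}

func main() {
	key, err := newKey("p256")
	if err != nil {
		panic(err)
	}
	der, _ := buildCSR(key, "www.example.com", []string{"www.example.com"}) // constructed names
	_, err = checkCSR(der) // also fails if buildCSR returned no DER
	fmt.Println("CSR bytes:", len(der), "verification error:", err)
}
```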

The Sectigo Terraform integration supports both the generation of new SSL/TLS and client certificates and the detection of existing certificates stored in a location accessible to the provider at runtime. The integration also checks the validity of existing certificates and allows the issuance of replacement certificates as required. There are various types of SSL certificates that can be requested by supplying the appropriate configuration options.

The types of SSL/TLS and client certificates available are based on your account setup.

The Sectigo Go Cert APIs are called by the Sectigo Terraform provider, which makes all the necessary REST API calls to SCM.

[Figure: Sectigo Terraform Integration]

The following is a detailed diagram of the Terraform integration.

[Figure: Detailed Terraform Integration Diagram]

Understanding the integration

The Sectigo Terraform integration is based on the Terraform provider binary file terraform-provider-sectigo that mediates the interaction between Terraform and the Sectigo REST API.

Package contents

The Sectigo Terraform integration package contains the following:

  • terraform-provider-sectigo:

    • terraform-provider-sectigo_v2.x.x: The Sectigo Terraform plugin that handles the terraform init, terraform plan, terraform apply, and terraform destroy commands.

    • main.tf: The primary Terraform configuration file. This file allows users to choose which types of certificates are required. The file maps the variables from terraform.auto.tfvars to the terraform-provider-sectigo provider attributes.

    • variable.tf: A configuration file that defines the variables assigned in terraform.auto.tfvars, including their data types. Terraform uses this file to map variables defined in main.tf to terraform.auto.tfvars.

    • terraform.auto.tfvars: Contains the set of variables and their configured values.

    • output.tf: Contains the declarations for outputs.

    • Sample:

      • cronjob: A directory of files that show how a cron job can be used with the Sectigo Terraform plugin.

      • index.html: A sample home page.

      • server.conf: A sample NGINX configuration file.

Sectigo Terraform provider