Reference for the teleport_app_auth_config Terraform resource

This page describes the supported values of the teleport_app_auth_config resource of the Teleport Terraform provider.

Example Usage

resource "teleport_app_auth_config" "example" {
  version = "v1"
  metadata = {
    name        = "example"
    description = "Example app auth config"
    labels = {
      example               = "yes"
      "teleport.dev/origin" = "dynamic"
    }
  }

  spec = {
    app_labels = [{
      name   = "teleport.internal/app-sub-kind"
      values = ["mcp"]
    }]
    jwt = {
      issuer   = "https://issuer"
      audience = "teleport"
      jwks_url = "https://issuer/.well-known/jwks.json"
    }
  }
}

Schema

Required

  • metadata (Attributes) Metadata is the app auth config resource's metadata. (see below for nested schema)
  • spec (Attributes) Spec is the app auth config specification. (see below for nested schema)
  • version (String) Version is the app auth config resource version.

Optional

  • sub_kind (String) SubKind is the app auth config subkind.

Nested Schema for metadata

Required:

  • name (String) name is an object name.

Optional:

  • description (String) description is the object's description.
  • expires (String) expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) labels is a set of labels.

Nested Schema for spec

Optional:

  • app_labels (Attributes List) AppLabels is used to define the app_labels matcher, which selects applications that can use this authentication config. An empty value means no application will use it. (see below for nested schema)
  • jwt (Attributes) Jwt is the JWT authentication config spec. (see below for nested schema)

Nested Schema for spec.app_labels

Optional:

  • name (String) The name of the label.
  • values (List of String) The values associated with the label.

Nested Schema for spec.jwt

Optional:

  • audience (String) Audience is the expected token audience. It will usually be an OAuth client_id issued for Teleport use.
  • authorization_header (String) AuthorizationHeader is the HTTP header name that will contain the token. Defaults to Authorization.
  • issuer (String) Issuer is the JWT token issuer name. This value is used to verify the token.
  • jwks_url (String) JwksUrl is the JSON Web Key Set (JWKS) URL used to fetch signing keys.
  • static_jwks (String) StaticJwks is the JSON Web Key Set (JWKS) formatted public keys of the token issuer in JSON format.
  • username_claim (String) UsernameClaim specifies which token claim name's value will be used as the username. Defaults to email.
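
The following is an added example, not part of the original page, that uses the optional spec.jwt attributes the usage example above leaves out: static_jwks in place of jwks_url, a custom authorization_header, and a non-default username_claim. The resource name, the env label, the header name, the claim choice and the key material are all constructed placeholders.

```hcl
# Added example: placeholder values throughout, replace before use.
resource "teleport_app_auth_config" "static_keys" {
  version = "v1"
  metadata = {
    name        = "static-keys-example"
    description = "App auth config with issuer keys supplied inline"
  }

  spec = {
    # Hypothetical label; an empty app_labels value selects no applications.
    app_labels = [{
      name   = "env"
      values = ["staging"]
    }]
    jwt = {
      issuer   = "https://issuer"
      audience = "teleport"

      # Read the token from a custom header instead of the default Authorization.
      authorization_header = "X-Example-Token"

      # Take the username from the "sub" claim instead of the default email.
      username_claim = "sub"

      # static_jwks is a String, so the key set is passed as JSON text.
      # Public keys only; n is a placeholder, not a real modulus.
      static_jwks = jsonencode({
        keys = [{
          kty = "RSA"
          use = "sig"
          alg = "RS256"
          kid = "example-key-1"
          n   = "REPLACE_WITH_BASE64URL_MODULUS"
          e   = "AQAB"
        }]
      })
    }
  }
}
```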