id-unibe-ch · studerma · Jun 25, 2024 · Jun 24, 2024 · Jun 24, 2024 · Jun 25, 2024
diff --git a/README.md b/README.md
@@ -91,7 +91,7 @@ If anyone wants to initialize a collection of our own, i'm ready for the PR.
       - "secret_name"
       - "user_name"
       - "password"
-    - "keypair"
+    - "x509"
       - "secret_name"
   - **Required**: `false`
   - **Type**: `str`
@@ -141,49 +141,55 @@ If anyone wants to initialize a collection of our own, i'm ready for the PR.
   - **Required**: `false`
   - **Type**: `str`
 
-- `host`:
-  - **Description**: The value for the "Host" field. Optional for the "upsert" action with the "keypair" secret type.
+- `common_name`:
+  - **Description**: The value for the "CN" field. Optional for the "upsert" action with the "x509" secret type.
+  - **Required**: `false`
+  - **Type**: `str`
+
+- `alt_name`:
+  - **Description**: The value for the "SubjAltName" field. Optional for the "upsert" action with the "x509" secret type.
   - **Required**: `false`
   - **Type**: `str`
 
 - `location`:
-  - **Description**: The value for the "location" field. Optional for the "upsert" action with the "keypair" secret type.
+  - **Description**: The value for the "Location" field. Optional for the "upsert" action with the "x509" secret type.
   - **Required**: `false`
   - **Type**: `str`
 
 - `private_key`:
-  - **Description**: The value for the "Private key" field. Optional for the "upsert" action with the "keypair" secret type.
+  - **Description**: The value for the "Private key" field. Optional for the "upsert" action with the "x509" secret type.
   - **Required**: `false`
   - **Type**: `str`
 
-- `public_key`:
-  - **Description**: The value for the "Public key" field. Optional for the "upsert" action with the "keypair" secret type.
+- `certificate`:
+  - **Description**: The value for the "Certificate" field. Optional for the "upsert" action with the "x509" secret type.
   - **Required**: `false`
   - **Type**: `str`
 
 ### Full overview of all the parameters for the "upsert" action and with which type they can/must be used
 
-| parameter name                                          | `generic` | `website` | `server` | `database` | `keypair` |
-|---------------------------------------------------------|-----------|-----------|----------|------------|-----------|
-| either secretserver_password <br> or secretserver_token | required  | required  | required | required   | required  |
-| secretserver_username                                   | required  | required  | required | required   | required  |
-| secretserver_base_url                                   | required  | required  | required | required   | required  |
-| action                                                  | required  | required  | required | required   | required  |
-| folder_id                                               | required  | required  | required | required   | required  |
-| type                                                    | required  | required  | required | required   | required  |
-| secret_name                                             | required  | required  | required | required   | required  |
-| user_name                                               | required  | required  | required | required   | ignored   |
-| password                                                | required  | required  | required | required   | optional  |
-| database                                                | ignored   | ignored   | ignored  | required   | ignored   |
-| connection_string                                       | ignored   | ignored   | ignored  | optional   | ignored   |
-| url                                                     | ignored   | required  | ignored  | ignored    | ignored   |
-| fqdn                                                    | ignored   | ignored   | optional | ignored    | ignored   |
-| logon_domain                                            | ignored   | ignored   | optional | ignored    | ignored   |
-| notes                                                   | optional  | optional  | optional | optional   | optional  |
-| host                                                    | ignored   | ignored   | ignored  | ignored    | optional  |
-| location                                                | ignored   | ignored   | ignored  | ignored    | optional  |  
-| private_key                                             | ignored   | ignored   | ignored  | ignored    | optional  | 
-| public_key                                              | ignored   | ignored   | ignored  | ignored    | optional  |
+| parameter name                                          | `generic` | `website` | `server` | `database` | `x509`   |
+|---------------------------------------------------------|-----------|-----------|----------|------------|----------|
+| either secretserver_password <br> or secretserver_token | required  | required  | required | required   | required |
+| secretserver_username                                   | required  | required  | required | required   | required |
+| secretserver_base_url                                   | required  | required  | required | required   | required |
+| action                                                  | required  | required  | required | required   | required |
+| folder_id                                               | required  | required  | required | required   | required |
+| type                                                    | required  | required  | required | required   | required |
+| secret_name                                             | required  | required  | required | required   | required |
+| user_name                                               | required  | required  | required | required   | ignored  |
+| password                                                | required  | required  | required | required   | optional |
+| database                                                | ignored   | ignored   | ignored  | required   | ignored  |
+| connection_string                                       | ignored   | ignored   | ignored  | optional   | ignored  |
+| url                                                     | ignored   | required  | ignored  | ignored    | ignored  |
+| fqdn                                                    | ignored   | ignored   | optional | ignored    | ignored  |
+| logon_domain                                            | ignored   | ignored   | optional | ignored    | ignored  |
+| notes                                                   | optional  | optional  | optional | optional   | optional |
+| common_name                                             | ignored   | ignored   | ignored  | ignored    | optional |
+| alt_name                                                | ignored   | ignored   | ignored  | ignored    | optional |
+| location                                                | ignored   | ignored   | ignored  | ignored    | optional |  
+| private_key                                             | ignored   | ignored   | ignored  | ignored    | optional | 
+| certificate                                             | ignored   | ignored   | ignored  | ignored    | optional |
 
 ## Examples
 
@@ -417,24 +423,29 @@ If anyone wants to initialize a collection of our own, i'm ready for the PR.
       debug:
         var: server_account
 
-    - name: Create a public-private keypair
+    - name: Create a TLS certificate
       secretserver:
-        secretserver_password: "{{ ss_password }}"
-        secretserver_username: "{{ ss_username }}"
+        secretserver_password: "{{ vault_secretserver_password }}"
+        secretserver_username: "{{ vault_secretserver_username }}"
         secretserver_base_url: "{{ secretserver_base_url }}"
         action: upsert
-        type: "keypair"
+        type: "x509"
         folder_id: 999
-        secret_name: "{{ 'lookup_module_test_keypair' + 9999999 | random | string }}"
+        secret_name: "{{ 'lookup_module_test_x509_' + 9999999 | random | string }}"
+        common_name: "www.example.com"
+        alt_name:
+          - "example.com"
+          - "mail.example.com"
+          - "cms.example.com"
         password: "{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=12') }}"
-        public_key: '---- BEGIN SSH2 PUBLIC KEY ---- Comment: "eddsa-key-20240412" AAAAC3NzaC1lZDI1NTE5AAAAINkuJsgZr0ioDahf5mVKUYvL9KaUKYTBg429H1ds VUqH ---- END SSH2 PUBLIC KEY ----'
-        private_key: "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtz -----END OPENSSH PRIVATE KEY-----"
-      register: keypair
+        certificate: '---- BEGIN SSH2 PUBLIC KEY ---- Comment: "eddsa-key-20240412" AAAAC3NzaC1lZDI1NTE5AAAAYTBg429H1ds VUqH ---- END SSH2 PUBLIC KEY ----'
+        private_key: "-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAAABAAAAMwAAAAtz -----END OPENSSH PRIVATE KEY-----"
+      register: x509_certificate
       delegate_to: localhost
 
     - name: dump the secret result
       debug:
-        var: keypair
+        var: x509_certificate
 
     - name: Change the username and password of a Secret by searching for the secret
       secretserver: