From 40ec3a819ae652bd81a62e05a99341db63c79594 Mon Sep 17 00:00:00 2001
From: John Lotoski <john.lotoski@iohk.io>
Date: Fri, 4 Nov 2022 18:56:11 -0500
Subject: [PATCH] fix: key usage attrs on intermediate issuer

---
 modules/terraform/hydrate-cluster/policies.nix  | 2 +-
 modules/terraform/hydrate-cluster/vault-pki.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/terraform/hydrate-cluster/policies.nix b/modules/terraform/hydrate-cluster/policies.nix
index 9d557812..9785722c 100644
--- a/modules/terraform/hydrate-cluster/policies.nix
+++ b/modules/terraform/hydrate-cluster/policies.nix
@@ -108,6 +108,6 @@ in {
       key_usage = ["DigitalSignature" "KeyAgreement" "KeyEncipherment"];
       # 87600h
       max_ttl = "315360000";
-    }) (consulPolicies // vaultPolicies); # we'r only interested in the keys anyway
+    }) (consulPolicies // vaultPolicies); # we're only interested in the keys anyway
   };
 }
diff --git a/modules/terraform/hydrate-cluster/vault-pki.nix b/modules/terraform/hydrate-cluster/vault-pki.nix
index 0468b5e8..72fb9012 100644
--- a/modules/terraform/hydrate-cluster/vault-pki.nix
+++ b/modules/terraform/hydrate-cluster/vault-pki.nix
@@ -76,7 +76,7 @@ in {
 
       validity_period_hours = 43800;
       is_ca_certificate = true;
-      allowed_uses = ["signing" "key encipherment" "cert sign" "crl sign"];
+      allowed_uses = ["cert_signing" "crl_signing" "digital_signature" "key_encipherment"];
     };
 
     resource.vault_pki_secret_backend_intermediate_set_signed.issuing_ca = {