vault_generic_secret
Writes and manages arbitrary data at a given path in Vault.
This resource is primarily intended to be used with Vault's "generic" secret backend, but it is also compatible with any other Vault endpoint that supports the vault write command to create and the vault delete command to delete.
Important All data provided in the resource configuration will be written in cleartext to state and plan files generated by Terraform, and will appear in the console output when Terraform runs. Protect these artifacts accordingly. See the main provider documentation for more details.
Example Usage
resource "vault_generic_secret" "example" {
path = "secret/foo"
data_json = <<EOT
{
"foo": "bar",
"pizza": "cheese"
}
EOT
}
Argument Reference
The following arguments are supported:
-
path- (Required) The full logical path at which to write the given data. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed withsecret/. Writing to other backends with this resource is possible; consult each backend's documentation to see which endpoints support thePUTandDELETEmethods. -
data_json- (Required) String containing a JSON-encoded object that will be written as the secret data at the given path. -
allow_read- (Optional, Deprecated) True/false. Set this to true if your vault authentication is able to read the data, this allows the resource to be compared and updated. Defaults to false. -
disable_read- (Optional) True/false. Set this to true if your vault authentication is not able to read the data. Setting this totruewill break drift detection. Defaults to false.
Required Vault Capabilities
Use of this resource requires the create or update capability (depending on whether the resource already exists) on the given path, along with the delete capbility if the resource is removed from configuration.
This resource does not read the secret data back from Terraform on refresh by default. This avoids the need for read access on the given path, but it means that Terraform is not able to detect and repair "drift" on this resource should the data be updated or deleted outside of Terraform. This limitation can be negated by setting allow_read to true
Attributes Reference
No additional attributes are exported by this resource.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/vault/r/generic_secret.html