Anyone know how to configure a kv secrets engine from a config HCL file?

A couple versions ago of Vault, the following hcl worked in allowing secrets to be written:

storage "postgresql" {
  connection_url = "postgres://postgres:postgres@db:5432/vault?sslmode=disable"
}

storage "kv" {
  version = 2
  path = "secret"
}

listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}

ui = true

An example policy is:

path "secret/*"
{
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

But now, it seems like I need to enable the kv secrets engine either via command or via UI.

I’m hoping there’s some hcl that I can use to just create it in one fell swoop.

Hi there!

Vault doesn’t support out-of-the-box configuration via HCL.
However, you can use the Terraform Vault plugin to programmatically set up mounts: https://www.terraform.io/docs/providers/vault/index.html

Cheers,
Michel

2 Likes
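
The Terraform approach suggested in the reply, sketched as an added example (not code from either poster): it enables a KV version 2 engine at `secret/` and attaches a policy scoped to it. It assumes the Vault server is already initialized and unsealed and that `VAULT_ADDR` and `VAULT_TOKEN` are set in the environment; the policy name `secret-rw` is hypothetical.

```hcl
terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

# Assumption: address and token are read from VAULT_ADDR / VAULT_TOKEN,
# so no credentials are written into this file.
provider "vault" {}

# KV version 2 secrets engine mounted at "secret/", the path used in the question.
resource "vault_mount" "secret" {
  path        = "secret"
  type        = "kv"
  options     = { version = "2" }
  description = "KV v2 mount managed by Terraform"
}

# Hypothetical policy name. "sudo" from the question's policy is left out here:
# it is only required for root-protected API paths, not for KV reads and writes.
resource "vault_policy" "secret_rw" {
  name = "secret-rw"

  policy = <<-EOT
    # KV v2 serves secret values under <mount>/data/
    path "${vault_mount.secret.path}/data/*" {
      capabilities = ["create", "read", "update", "delete"]
    }

    # Listing keys and managing versions happens under <mount>/metadata/
    path "${vault_mount.secret.path}/metadata/*" {
      capabilities = ["read", "list", "delete"]
    }
  EOT
}
```

Run `terraform init` and `terraform apply` against the running server; the mount and policy are then created in one step instead of through the CLI or UI.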