Anyone know how to configure a kv secrets engine from a config HCL file?

A couple of versions of Vault ago, the following HCL worked in allowing secrets to be written:

storage "postgresql" {
  connection_url = "postgres://postgres:postgres@db:5432/vault?sslmode=disable"
}

storage "kv" {
  version = 2
  path = "secret"
}

listener "tcp" {
  address = ""
  tls_disable = 1
}


An example policy is:

path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

But now, it seems like I need to enable the kv secrets engine either via command or via UI.

I’m hoping there’s some hcl that I can use to just create it in one fell swoop.

Hi there!

Vault doesn’t support out-of-the-box configuration via HCL.
However, you can use the Terraform Vault plugin to programmatically set up mounts:


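The approach suggested in the reply, sketched as an added example (not code from either poster): a Terraform configuration that mounts a KV version 2 engine at `secret` and attaches a policy scoped to the KV v2 `data/` and `metadata/` paths, which is narrower than the policy in the question. It assumes an already initialized and unsealed Vault whose address and token are supplied through `VAULT_ADDR` and `VAULT_TOKEN`; the resource labels and the policy name `secret-rw` are hypothetical.

```hcl
terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

# Assumption: VAULT_ADDR and VAULT_TOKEN are set in the environment,
# so no address or token is written into this file.
provider "vault" {}

# Equivalent of enabling the engine by command or UI:
# a KV version 2 mount at the path "secret".
resource "vault_mount" "secret" {
  path        = "secret"
  type        = "kv"
  options     = { version = "2" }
  description = "KV v2 mount managed by Terraform"
}

# KV v2 serves secret values under <mount>/data/ and version
# metadata under <mount>/metadata/, so the policy names those
# prefixes instead of granting everything under "secret/*".
# "secret-rw" is a hypothetical policy name.
resource "vault_policy" "secret_rw" {
  name   = "secret-rw"
  policy = <<-EOT
    path "${vault_mount.secret.path}/data/*" {
      capabilities = ["create", "read", "update", "delete"]
    }

    path "${vault_mount.secret.path}/metadata/*" {
      capabilities = ["read", "list", "delete"]
    }
  EOT
}
```

Running `terraform init` followed by `terraform apply` against the running server creates the mount and the policy in one pass; the server's own HCL file still only carries the storage and listener stanzas.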