Database Secret Engine TTL values from terraform variables not accepting string type variable

AjayRedJ · May 21, 2025, 10:08am

We changed the variable type from “number” to “string”. When we passed the value of the variables as 32d or 24h to denote in hours or days, it is throwing as error.

It works fine when we pass the value in seconds like 3600.

values as 32d or 24h work fine when passing in CLI command or API call directly to Vault.
example: vault write -f auth/approle/role/tocheckttl token_ttl=“24h” token_max_ttl=“25d”

Terraform is not allowing the attribute to take value in the 32d format.

jonathanfrappier · May 22, 2025, 12:33pm

Looking over the Terraform registry docs, it specifies the ttl should be defined in seconds:

(Optional) The default number of **seconds** for leases for this role.

Since the type is number and not string, a notation like d for days I would expect to cause an error.

It can certainly be a cause for some confusion since the CLI/API accepts this as either a string or int.

Topic		Replies	Views
Vault Database Secret Engine TTL values from terraform variables not accepting string type variable Terraform Providers	0	7	May 21, 2025
Vault_database_secret_backend_role TTL values from terraform variables not accepting string type variable Terraform vault	1	22	May 21, 2025
Problem using token_ttl parameter with vault_token_auth_backend_role Vault	1	417	November 1, 2019
Error in using string list variable in Terraform Cloud HCP Terraform	6	5678	December 9, 2022
Vault_generic_secret and variables in json? Terraform	3	5326	September 23, 2021

Database Secret Engine TTL values from terraform variables not accepting string type variable

Related topics