Dynamic Secrets Terraform Cloud / Enterprise

Are there plans to add Vault integration for dynamic secrets with TFC / TFE?

Reading the docs it appears the Vault integration is only used for encrypting static variables. Is that correct?


Hi Rich, I need to know how to add secrets in Vault from TFC. Any ideas?

Slightly off topic, as I was wanting to know if retrieving dynamic secrets, e.g. AWS credentials, was on the roadmap for TFC/TFE in addition to storing as variables.

If I understand correctly, you want to add secrets to Vault from a Terraform run?

You could use the Terraform Vault provider and regular variables to configure this, maybe using AppRole to authenticate with Vault and the resource for the type of secret you want to store.

HTH
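The approach suggested in the reply above, sketched as an added example that is not part of the original thread: the Vault provider logs in with AppRole and writes a static key pair to a KV v2 mount. The variable names, the `secret` mount and the `tfc/aws-deployer` path are assumptions chosen for illustration.

```hcl
# Added example. Variable names, mount and secret path are assumptions.
terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

variable "vault_addr" {
  type = string
}

# Set these as sensitive workspace variables in TFC, never in VCS.
variable "approle_role_id" {
  type      = string
  sensitive = true
}

variable "approle_secret_id" {
  type      = string
  sensitive = true
}

variable "aws_keys" {
  type      = object({ access_key = string, secret_key = string })
  sensitive = true
}

provider "vault" {
  address = var.vault_addr

  # AppRole login; the AppRole's policy should allow writes to this one path only.
  auth_login {
    path = "auth/approle/login"
    parameters = {
      role_id   = var.approle_role_id
      secret_id = var.approle_secret_id
    }
  }
}

resource "vault_kv_secret_v2" "aws_keys" {
  mount     = "secret"           # assumed KV v2 mount
  name      = "tfc/aws-deployer" # hypothetical secret path
  data_json = jsonencode(var.aws_keys) # also persisted in Terraform state
}
```

Because `data_json` is written to the Terraform state, anyone who can read the workspace state can read the key pair, so state access needs the same restrictions as the Vault path.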

Thanks for a quick reply. I am new to Vault and have been tasked to find out how Terraform Cloud will store access keys and secret keys in Vault.

If you are talking about AWS credentials to provision AWS resources, you can store them in variables in TFC or pass them in as variables when triggering a run.
At the moment there is no support for using the Vault AWS Secret Engine to dynamically retrieve AWS credentials, which is what I would like to do.
Vault integration in TFC is simply an implementation detail to encrypt the variables at rest in storage.

So you can store the variables but are unable to retrieve them; better to store them in TFC or pass them in as variables when triggering a run.