Product suggestion - serverless Vault for use with Terraform Cloud

We use multiple organizations in Terraform Cloud, and often need to export outputs from one organization’s workspace to use as variables to another organization’s workspace. Because there is no cross-organization output access, this means manually transcribing values.

Currently we can sort of work around this with AWS Secrets Manager, where we write an output as a secret from one organization, and then read it from another. It’s not perfect though, especially when we want to share the same output across multiple AWS accounts, which is usually the case.

I think a nice feature to add to Terraform Cloud would be access to a “serverless” Vault with very limited features, where a workspace could create a resource like "vault_generic_secret" that’s only accessible by other Terraform Cloud organizations and workspaces, in a version of Vault that doesn’t incur the runtime costs of normal HashiCorp Vault. I feel this would solve the lack of cross-organization output access.

Hello!

Because there is no cross-organization output access

I’m inferring based on what you’ve said here that you’re looking to use the terraform_remote_state data source to work in a cross-organization way, but have you tried using the TFE provider’s tfe_outputs resource instead? As the terraform_remote_state data source documentation goes over, using the TFE provider is a good alternative for several reasons, one of which is that you can provide whatever access token to whatever organization you want, which I think would solve your issue here.

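The cross-organization pattern described in the reply, written out as an added example (this is not code from either poster). It assumes two organizations named org-a (the producer) and org-b (the consumer, where this configuration runs), a producing workspace called network-prod, and outputs named vpc_id and db_password; all of these names are placeholders. It also assumes the consuming workspace holds a sensitive variable org_a_token containing a team token from org-a.

```hcl
terraform {
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
    }
  }
}

# Token for the *producing* organization (org-a). Assumed to be a team
# token whose team has only "Read outputs" state access on the source
# workspace, so this consumer cannot fetch the producer's full state file.
# It is supplied as a sensitive workspace variable in org-b.
variable "org_a_token" {
  type      = string
  sensitive = true
}

# A second, aliased TFE provider authenticated to org-a. The default
# (un-aliased) provider, if any, keeps whatever token org-b's own
# workspace uses.
provider "tfe" {
  alias = "org_a"
  token = var.org_a_token
}

# Read the outputs of org-a/network-prod with the tfe_outputs data source
# instead of terraform_remote_state, which cannot cross organizations.
# Organization and workspace names are placeholders.
data "tfe_outputs" "network" {
  provider     = tfe.org_a
  organization = "org-a"
  workspace    = "network-prod"
}

# `values` is marked sensitive by the provider, so anything derived from
# it stays sensitive; `nonsensitive_values` carries only the outputs the
# producing workspace did not mark sensitive.
locals {
  vpc_id      = data.tfe_outputs.network.nonsensitive_values.vpc_id
  db_password = data.tfe_outputs.network.values.db_password
}

# Re-export in org-b; the sensitive value must be declared as such or
# terraform will refuse to plan.
output "vpc_id" {
  value = local.vpc_id
}

output "db_password" {
  value     = local.db_password
  sensitive = true
}
```

The token is the trust boundary here: whoever can read org_a_token can read every output of network-prod, so scope it to a team that has only the "Read outputs" level of state access on that one workspace, store it as a sensitive variable (or in a variable set shared with the consuming workspaces), and rotate it like any other credential. Outputs the producer marks sensitive remain available through `values` but are hidden from the UI and plan output.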