Recovery of tfstate for Vault with Terraform

I’m in a bit of a sticky situation. I’ve inherited a Vault installation that was managed with Terraform. Unfortunately the previous administrator did not commit the state into the Git repository and didn’t use remote states.

I’ve managed to import most resources using the terraform import command. However, there are 6 resources I have been unable to import because it’s not been implemented?

  • vault_pki_secret_backend_intermediate_cert_request.redacted_name1
  • vault_pki_secret_backend_intermediate_cert_request.redacted_name2
  • vault_pki_secret_backend_intermediate_set_signed.redacted_name1
  • vault_pki_secret_backend_intermediate_set_signed.redacted_name2
  • vault_pki_secret_backend_root_sign_intermediate.redacted_name
  • vault_pki_secret_backend_sign.redacted_name

Is there a way to link this back?

My suggestion would be to just comment out these resources and keep them as documentation only, of what was previously done.

They are all PKI certificate related, and all are somewhat “one time setup” flavoured.

The reason for lacking import support is because they tend to have some element of capturing an API response, which can’t be re-obtained later.

Given this setup has already been done in production, there’s nothing more for Terraform to actually do here - until the time comes when you want to start looking at renewing/replacing these certificates - so just keep them as comments, to be used as documentation when that time comes.
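One way to work out which declarations to comment out, as an added example that is not part of the original thread: it compares the resource blocks in the configuration with the output of `terraform state list` and separates untracked resources that still need `terraform import` from the one-time PKI types listed in the question. The function names and sample data are constructed, and it assumes all resources live in the root module.

```python
import re

# Resource types the question above lists as lacking import support.
NO_IMPORT_TYPES = {
    "vault_pki_secret_backend_intermediate_cert_request",
    "vault_pki_secret_backend_intermediate_set_signed",
    "vault_pki_secret_backend_root_sign_intermediate",
    "vault_pki_secret_backend_sign",
}
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"')

def declared_addresses(tf_text):
    """Return addresses of resource blocks, skipping commented-out ones."""
    addrs, in_block = [], False
    for line in tf_text.splitlines():
        s = line.strip()
        if in_block or s.startswith("/*"):
            in_block = "*/" not in s  # stay in /* ... */ until it closes
            continue
        if s.startswith(("#", "//")):
            continue
        m = RESOURCE_RE.match(s)
        if m:
            addrs.append(f"{m.group(1)}.{m.group(2)}")
    return addrs

def reconcile(tf_text, state_list_output):
    """Split declared-but-untracked resources into (to import, to comment out)."""
    in_state = {l.strip() for l in state_list_output.splitlines() if l.strip()}
    todo_import, keep_as_docs = [], []
    for addr in declared_addresses(tf_text):
        if addr in in_state:
            continue
        rtype = addr.split(".", 1)[0]
        (keep_as_docs if rtype in NO_IMPORT_TYPES else todo_import).append(addr)
    return todo_import, keep_as_docs

# Constructed sample: block bodies elided, names are placeholders.
SAMPLE_TF = '''
resource "vault_mount" "pki_int" {}
resource "vault_pki_secret_backend_role" "web" {}
resource "vault_pki_secret_backend_intermediate_set_signed" "example_int" {}
# resource "vault_pki_secret_backend_sign" "old" {}
'''
SAMPLE_STATE = "vault_mount.pki_int\n"  # constructed `terraform state list` output

if __name__ == "__main__":
    print(reconcile(SAMPLE_TF, SAMPLE_STATE))
```

Anything left in the first list still needs importing; anything in the second is a candidate to comment out, after which `terraform plan` should no longer propose creating it.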