Terraform Enterprise access to secret in Vault


We would like to access some secrets in Vault with TF scripts applied from Terraform Enterprise. TFE is deployed on an AWS EC2 instance, and this instance can assume an admin role thanks to an instance profile configured with the right privileges. At this stage we know 2 ways to query Vault:

  • using a TFE_TOKEN env var set with a personal token
  • using vault_aws_secret_backend_role with an AWS access/secret key.

These two ways are not suitable because we have to expose a secret in the TF code.
For me, the best way would be to take advantage of the instance profile role to access Vault.

Do you know a way of doing this without disclosing a secret?

Thanks in advance