Hi folks,
I am trying to activate a Vault audit device with the Terraform resource: Terraform Registry
Inside the userdata script, the vault directory is created and the needed permissions are granted:
sudo mkdir -pm 0755 /var/log/vault
sudo chown -R vault:vault /var/log/vault
Then the Vault audit resource is added:
resource "vault_audit" "vault_audit_log" {
  type = "file"
  options = {
    file_path = "/var/log/vault/vault_audit.log"
  }
}
When I run terraform apply, it prompts the below:
terraform apply
provider.vault.address
URL of the root of the target Vault server.
Enter a value:
I am not sure what it means and which value I should enter. I tried http://127.0.0.1:8200 and the apply command runs successfully. But when I connect to the Vault node, the audit device is not enabled!
vault audit list
No audit devices are enabled.
Could you please support me?
More info:
When I leave the value empty and press Enter to continue, I get the errors below:
terraform plan
provider.vault.address
URL of the root of the target Vault server.
Enter a value:
╷
│ Error: Invalid provider configuration
│
│ Provider “Terraform Registry” requires explicit configuration. Add a provider block to the root module and configure the provider’s required arguments as described in
│ the provider documentation.
│
╵
╷
│ Error: no vault token found
│
│ with provider[“Terraform Registry”],
│ on line 1:
│ (source code not available)
│
NP: When I remove the vault_audit_device resource, everything works fine!
It seems I need to provide arguments for the Vault provider: Terraform Registry
- address - (Required) Origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. May be set via the VAULT_ADDR environment variable.
- token - (Required) Vault token that will be used by Terraform to authenticate. May be set via the VAULT_TOKEN environment variable.
Then my question is: how can I provide a token prior to deploying Vault?
I just found the solution.
Vault audit log activation is a configuration change. Configuration should be applied after deployment.
vault_url and token must be provided to apply changes.
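
The approach described in the solution above, sketched as an added example (not the poster's actual configuration): the audit device lives in its own root module that is applied only after the Vault server is deployed, initialized and unsealed. The variable name `vault_address`, the hostname and the token value in the comments are placeholders assumed for illustration.

```hcl
# Second-stage root module, applied after the Vault server is running.
# Usage (constructed placeholder values):
#   export VAULT_TOKEN=<token-with-permission-to-manage-audit-devices>
#   terraform apply -var 'vault_address=https://vault.example.internal:8200'

terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

# No default on purpose: 127.0.0.1 refers to the machine running
# terraform, not to a remote Vault node, so the address must be explicit.
variable "vault_address" {
  description = "Scheme, hostname and port of the Vault server, no path"
  type        = string
}

provider "vault" {
  address = var.vault_address
  # token is intentionally not set here. The provider reads it from the
  # VAULT_TOKEN environment variable, which keeps the secret out of the
  # .tf files and out of version control.
}

# Same resource as in the question. /var/log/vault must already exist on
# the Vault node and be writable by the vault user (done in userdata).
resource "vault_audit" "vault_audit_log" {
  type = "file"

  options = {
    file_path = "/var/log/vault/vault_audit.log"
  }
}
```

After the apply, `vault audit list` run against the same address should show the file device.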