Hi,
I have the following Terraform template connecting to an Enterprise Vault under a namespace.
# Pin the Vault provider to the 2.12.x line (legacy short-form constraint).
terraform {
  required_providers {
    vault = "~> 2.12"
  }
}
# Provider instance scoped to the base (parent) namespace.
# Used below to create the child namespace.
provider "vault" {
  alias     = "base_namespace"
  namespace = var.vault_base_namespace
  address   = var.vault_address
  # NOTE(review): the token is passed as a plain variable here; confirm
  # var.vault_token is declared `sensitive = true` so it is redacted from plan output.
  token = var.vault_token
}
# Provider instance scoped to the Jenkins namespace, where the shared secrets live.
provider "vault" {
  alias     = "jenkins_namespace"
  namespace = var.vault_jenkins_namespace
  address   = var.vault_address
  # Same token as the base-namespace provider; it must carry a policy that
  # grants read access inside this namespace for the data source below to succeed.
  token = var.vault_token
}
# Provider instance scoped to the child namespace created by
# vault_namespace.child_namespace. Its namespace value is derived from that
# resource's id, so this provider cannot be used until the namespace exists.
provider "vault" {
  alias   = "child_namespace"
  address = var.vault_address
  token   = var.vault_token
  # The namespace id is reported with a trailing "/", which the provider's
  # namespace argument does not accept; strip it.
  namespace = trimsuffix(vault_namespace.child_namespace.id, "/")
}
# Create the child namespace underneath the base namespace.
resource "vault_namespace" "child_namespace" {
  path     = var.vault_child_namespace
  provider = vault.base_namespace
}
# Read the shared "robotconfig" secret from the Jenkins namespace.
# NOTE(review): the reported error `no secret found at "project1/robotconfig"`
# shows a path with neither a mount prefix nor a `data/` segment. On a KV v2
# mount, vault_generic_secret expects the full logical path
# `<mount>/data/<secret-path>`; confirm what var.kvv2_jenkins_secret_path holds
# and that the token's policy allows read on that path in this namespace.
data "vault_generic_secret" "jenkins_read" {
  provider = vault.jenkins_namespace
  path     = "${var.kvv2_jenkins_secret_path}/robotconfig"
}
# Read the "config3" secret from the child namespace.
# Assumes var.kvv2_secret_path already carries the mount (and `data/` segment
# for KV v2) — this read is reported as working, so the variable presumably does.
data "vault_generic_secret" "k8s_config_3" {
  provider = vault.child_namespace
  path     = "${var.kvv2_secret_path}/config3"
}
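# Write the kubeconfig read from the child namespace to the local disk.
# The content is a credential: keep the file owner-only readable instead of
# world-readable ("644"), and be aware that sensitive_content is still
# persisted in Terraform state regardless of the file mode.
resource "local_file" "robotK8sconfig_vault" {
  filename          = "robotk8_vault_read_new.kubeconfig"
  sensitive_content = data.vault_generic_secret.k8s_config_3.data.config
  file_permission   = "0600"
}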
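# Write the kubeconfig read from the Jenkins namespace to the local disk.
# The content is a credential: keep the file owner-only readable instead of
# world-readable ("644"), and be aware that sensitive_content is still
# persisted in Terraform state regardless of the file mode.
resource "local_file" "robotK8sconfig_jenkins_vault" {
  filename          = "jenkins_robotk8_vault_read.kubeconfig"
  sensitive_content = data.vault_generic_secret.jenkins_read.data.config
  file_permission   = "0600"
}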
I get the following error when trying to read from another namespace:
Error: no secret found at "project1/robotconfig"
on main.tf line 66, in data "vault_generic_secret" "jenkins_read":
66: data "vault_generic_secret" "jenkins_read" {
The namespace structure for the sub-namespaces is as follows:
myrootnamespace
robotkubeconfigs
jenkins
I am trying to read a secret from the Jenkins namespace with the "vault_generic_secret" data source. Am I missing something, or is that not possible? I am trying to centralize some common secrets in a global namespace so they can be reused.
Kevin