Use the vault terraform provider to enable k/v secrets engine?

sding3 · January 13, 2020, 4:46pm

Is it possible to enable the k/v secrets engine (with the ability to specify v1 or v2, as well as the path) using the terraform vault provider?

I’ve tried to use the vault_generic_secret resource, but it would error out if the secret engine is not already enabled with a 404 error “no handler for route”.

This appears to be possible with the pki secret backend using the following. So is there a similar resource type for the generic secret backend, where terraform vault would enable the engine if it’s not already enabled?

resource "vault_pki_secret_backend" "pki" { 
  path = "pki"                              
}

sding3 · January 13, 2020, 5:40pm

After a bit of searching around, it appears to be possible with:

resource "vault_mount" "kv2-created-by-terraform" {
  path        = "kv2-created-by-terraform"
  type        = "kv-v2"
  # or type = "kv"
  description = "This is an example mount for kv version 2"
}

Topic		Replies	Views
Mount several kvv2 secret engine with Terraform Terraform vault	4	499	June 29, 2023
Using terraform to create vault_kv_secret resources results in json_data stored in a single key Vault kv	3	1631	July 23, 2022
Terraform: provisioning Vault Static Kvv2 Terraform terraform-enterprise , vault	3	138	September 23, 2024
Enabling Terraform Cloud Secrets Engine on Vault community edition Vault	1	207	August 26, 2021
Anyone know how to configure a kv secrets engine from a config HCL file? Vault	1	536	February 11, 2020

Use the vault terraform provider to enable k/v secrets engine?

Related topics