Vault_kv_secret_v2 require access to the metadata/... path even if I’m only updating a secret under data/

Nivedita-coder · October 7, 2025, 12:03pm

Hi folks,
I’m using terraform with Vault KV v2 to manage secrets. When I try to update a secret for the first time, I get the following error:

vault_kv_secret_v2.user: Modifying... [id=xxxx/data/]
╷
│ Error: error writing custom metadata to xxxx/metadata/xxxx, err=Error making API request. │
│ URL: PUT v1/xxxx/metadata/xxxx │ Code: 403. Errors: │ │ * 1 error occurred: │ * permission denied │ │
│ with vault_kv_secret_v2.user, │ on main.tf line 49, in resource "vault_kv_secret_v2" "user": │ 49: resource "vault_kv_secret_v2" "user" {

Interestingly, if I try the same operation a second time, it succeeds.Why does vault_kv_secret_v2 require access to the metadata/... path even if I’m only updating a secret under data/...?

Topic		Replies	Views
Vault_kv_secret_v2 require access to the metadata/… path even if I’m only updating a secret under data/ Terraform Providers	0	8	October 7, 2025
Write secret to Vault Enterprise with Terraform Vault	7	1024	January 5, 2022
KV Secret Engine - API Not working Vault	10	3899	May 5, 2020
Invalid path for a versioned K/V secrets engine Vault	2	21617	April 28, 2020
Create a policy to list & read (on the UI) specific secrets Vault kv	3	1487	April 9, 2020

Vault_kv_secret_v2 require access to the metadata/... path even if I’m only updating a secret under data/

Related topics