The credential store for Vault resource allows you to configure a Boundary credential store for Vault.
resource "boundary_scope" "org" {
name = "organization_one"
description = "My first scope!"
scope_id = "global"
auto_create_admin_role = true
auto_create_default_role = true
}
resource "boundary_scope" "project" {
name = "project_one"
description = "My first scope!"
scope_id = boundary_scope.org.id
auto_create_admin_role = true
}
resource "boundary_credential_store_vault" "example" {
name = "foo"
description = "My first Vault credential store!"
address = "http://127.0.0.1:8200" # change to Vault address
token = "s.0ufRo6XEGU2jOqnIr7OlFYP5" # change to valid Vault token
scope_id = boundary_scope.project.id
}
address
(String) The address to Vault server. This should be a complete URL such as 'https://127.0.0.1:8200'scope_id
(String) The scope for this credential store.token
(String, Sensitive) A token used for accessing Vault.ca_cert
(String) A PEM-encoded CA certificate to verify the Vault server's TLS certificate.client_certificate
(String) A PEM-encoded client certificate to use for TLS authentication to the Vault server.client_certificate_key
(String, Sensitive) A PEM-encoded private key matching the client certificate from 'client_certificate'.description
(String) The Vault credential store description.name
(String) The Vault credential store name. Defaults to the resource name.namespace
(String) The namespace within Vault to use.tls_server_name
(String) Name to use as the SNI host when connecting to Vault via TLS.tls_skip_verify
(Boolean) Whether or not to skip TLS verification.worker_filter
(String) HCP Only. A filter used to control which PKI workers can handle Vault requests. This allows the use of private Vault instances with Boundary.client_certificate_key_hmac
(String) The Vault client certificate key hmac.id
(String) The ID of the Vault credential store.token_hmac
(String) The Vault token hmac.Import is supported using the following syntax:
terraform import boundary_credential_store_vault.foo <my-id>