The consul_acl_token_secret
data source returns the secret ID associated to
the accessor ID. This can be useful to make systems that cannot use an auth
method to interface with Consul.
If you want to get other attributes of the Consul ACL token, please use the
consul_acl_token
data source.
resource "consul_acl_policy" "test" {
name = "test"
rules = "node \"\" { policy = \"read\" }"
datacenters = [ "dc1" ]
}
resource "consul_acl_token" "test" {
description = "test"
policies = [consul_acl_policy.test.name]
local = true
}
data "consul_acl_token_secret_id" "read" {
accessor_id = consul_acl_token.test.id
pgp_key = "keybase:my_username"
}
output "consul_acl_token_secret_id" {
value = data.consul_acl_token_secret_id.read.encrypted_secret_id
}
The following arguments are supported:
accessor_id
- (Required) The accessor ID of the ACL token.namespace
- (Optional, Enterprise Only) The namespace to lookup the token.partition
- (Optional, Enterprise Only) The partition to lookup the token.pgp_key
- (Optional) Either a base-64 encoded PGP public key, or a keybase
username in the form keybase:some_person_that_exists
. If you do not set this
argument, the token secret ID will be written as plain text in the Terraform
state.The following attributes are exported:
secret_id
- The secret ID of the ACL token if pgp_key
has not been set.encrypted_secret_id
- The encrypted secret ID of the ACL token if pgp_key
has been set. You can decrypt the secret by using the command line, for example
with: terraform output encrypted_secret | base64 --decode | keybase pgp decrypt
.