vault_secrets_sync_aws_destination

Creates an AWS destination to synchronize secrets in Vault. Requires Vault 1.16+. Available only for Vault Enterprise.

For more information on syncing secrets with AWS, please refer to the Vault documentation.

Example Usage

resource "vault_secrets_sync_aws_destination" "aws" {
  name                 = "aws-dest"
  access_key_id        = var.access_key_id
  secret_access_key    = var.secret_access_key
  region               = "us-east-1"
  role_arn             = "role-arn"
  external_id          = "external-id"
  secret_name_template = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"
  custom_tags = {
    "foo" = "bar"
  }
}
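The example above passes `role_arn` and `external_id` as literal placeholders. The following added example (not from the provider documentation) shows one way to wire them to a real IAM role whose trust policy requires the external ID. It assumes the role is assumed by the IAM principal that owns the supplied access key; the AWS provider resources, `var.external_id`, `var.vault_sync_principal_arn` and the names `vault_sync` and `vault-secrets-sync` are hypothetical.

```hcl
# Added example: variable and resource names other than the destination's arguments are hypothetical.
variable "access_key_id" {
  type      = string
  sensitive = true # redacts the value in plan/apply output
}

variable "secret_access_key" {
  type      = string
  sensitive = true
}

variable "external_id" {
  type = string
}

variable "vault_sync_principal_arn" {
  type = string # ARN of the IAM principal that owns the access key (assumption)
}

data "aws_iam_policy_document" "vault_sync_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [var.vault_sync_principal_arn]
    }

    # AssumeRole is refused unless the caller presents this external ID.
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [var.external_id]
    }
  }
}

resource "aws_iam_role" "vault_sync" {
  name               = "vault-secrets-sync"
  assume_role_policy = data.aws_iam_policy_document.vault_sync_trust.json
}

resource "vault_secrets_sync_aws_destination" "aws_with_role" {
  name              = "aws-dest"
  access_key_id     = var.access_key_id
  secret_access_key = var.secret_access_key
  region            = "us-east-1"
  role_arn          = aws_iam_role.vault_sync.arn
  external_id       = var.external_id # must match the trust policy condition
}
```

`sensitive = true` only hides the values in CLI output; they are still written to the Terraform state, so the state backend needs encryption and restricted access.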

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported in addition to the above:

Import

AWS Secrets sync destinations can be imported using the name, e.g.

$ terraform import vault_secrets_sync_aws_destination.aws aws-dest