openstack_keymanager_secret_v1

Manages a V1 Barbican secret resource within OpenStack.

Example Usage

Simple secret

resource "openstack_keymanager_secret_v1" "secret_1" {
  algorithm            = "aes"
  bit_length           = 256
  mode                 = "cbc"
  name                 = "mysecret"
  payload              = "foobar"
  payload_content_type = "text/plain"
  secret_type          = "passphrase"

  metadata = {
    key = "foo"
  }
}

Secret with whitespace

resource "openstack_keymanager_secret_v1" "secret_1" {
  name                     = "password"
  payload                  = base64encode("password with the whitespace at the end ")
  secret_type              = "passphrase"
  payload_content_type     = "application/octet-stream"
  payload_content_encoding = "base64"
}

Secret with an expiration date

resource "openstack_keymanager_secret_v1" "secret_1" {
  name                 = "certificate"
  payload              = file("certificate.pem")
  secret_type          = "certificate"
  payload_content_type = "text/plain"
  expiration           = timeadd(timestamp(), format("%dh", 8760)) # one year in hours

  lifecycle {
    ignore_changes = [
      expiration
    ]
  }
}

Secret with an ACL

resource "openstack_keymanager_secret_v1" "secret_1" {
  name                 = "certificate"
  payload              = file("certificate.pem")
  secret_type          = "certificate"
  payload_content_type = "text/plain"

  acl {
    read {
      project_access = false
      users = [
        "userid1",
        "userid2",
      ]
    }
  }
}
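
Secret from a sensitive variable with a restricted ACL

This example is added here and is not part of the provider's own documentation. It combines the patterns above but takes the payload from an input variable marked sensitive instead of a literal in the configuration. The variable names `secret_payload` and `reader_user_ids` and the resource name `app_passphrase` are assumptions.

```hcl
# Added example; variable and resource names are assumptions, not provider-defined.
variable "secret_payload" {
  description = "Passphrase to store in Barbican, e.g. supplied via TF_VAR_secret_payload"
  type        = string
  sensitive   = true # redacts the value in plan/apply output; it is still written to state
}

variable "reader_user_ids" {
  description = "OpenStack user IDs allowed to read the secret"
  type        = list(string)
}

resource "openstack_keymanager_secret_v1" "app_passphrase" {
  name        = "app-passphrase"
  secret_type = "passphrase"

  # base64 keeps leading/trailing whitespace intact, as in the whitespace example
  payload                  = base64encode(var.secret_payload)
  payload_content_type     = "application/octet-stream"
  payload_content_encoding = "base64"

  expiration = timeadd(timestamp(), "2160h") # 90 days

  acl {
    read {
      project_access = false # turn off project-wide read access
      users          = var.reader_user_ids
    }
  }

  lifecycle {
    # timestamp() changes on every run; without this the plan always shows a diff
    ignore_changes = [expiration]
  }
}

# Hand consumers the secret reference rather than the payload itself
output "secret_ref" {
  value = openstack_keymanager_secret_v1.app_passphrase.secret_ref
}
```

Terraform records the payload in its state file in plaintext whether or not the variable is marked sensitive, so keep state in an encrypted backend with restricted access.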

Argument Reference

The following arguments are supported:

The acl read block supports:

Attributes Reference

The following attributes are exported:

Import

Secrets can be imported using the secret id (the last part of the secret reference), e.g.:

$ terraform import openstack_keymanager_secret_v1.secret_1 8a7a79c2-cf17-4e65-b2ae-ddc8bfcf6c74