Creates a GitHub destination to synchronize secrets in Vault. Requires Vault 1.16+. Available only for Vault Enterprise.
For more information on syncing secrets with GitHub, please refer to the Vault documentation.
resource "vault_secrets_sync_vercel_destination" "vercel" {
name = "vercel-dest"
access_token = var.access_token
project_id = var.project_id
deployment_environments = ["development", "preview", "production"]
secret_name_template = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"
}
The following arguments are supported:
namespace
- (Optional) The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The namespace
is always relative to the provider's configured namespace.
name
- (Required) Unique name of the GitHub destination.
access_token
- (Required) Vercel API access token with the permissions to manage environment
variables.
project_id
- (Required) Project ID where to manage environment variables.
deployment_environments
- (Required) Deployment environments where the environment variables
are available. Accepts development
, preview
and production
.
team_id
- (Optional) Team ID where to manage environment variables.
secret_name_template
- (Optional) Template describing how to generate external secret names.
Supports a subset of the Go Template syntax.
granularity
- (Optional) Determines what level of information is synced as a distinct resource
at the destination. Supports secret-path
and secret-key
.
The following attributes are exported in addition to the above:
type
- The type of the secrets destination (vercel-project
).GitHub Secrets sync destinations can be imported using the name
, e.g.
$ terraform import vault_secrets_sync_vercel_destination.vercel vercel-dest