vault_namespace

Provides a resource to manage Namespaces.

Note: this feature is available only with Vault Enterprise.

Example Usage

Single namespace

resource "vault_namespace" "ns1" {
  path = "ns1"
}

Nested namespaces

provider "vault" {}

variable "child_namespaces" {
  type = set(string)
  default = [
    "child_0",
    "child_1",
    "child_2",
  ]
}

resource "vault_namespace" "parent" {
  path = "parent"
}

resource "vault_namespace" "children" {
  for_each  = var.child_namespaces
  namespace = vault_namespace.parent.path
  path      = each.key
}

resource "vault_mount" "children" {
  for_each  = vault_namespace.children
  namespace = each.value.path_fq
  path      = "secrets"
  type      = "kv"
  options = {
    version = "1"
  }
}

resource "vault_generic_secret" "children" {
  for_each  = vault_mount.children
  namespace = each.value.namespace
  path      = "${each.value.path}/secret"
  data_json = jsonencode(
    {
      "ns" = each.key
    }
  )
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the above arguments, the following attributes are exported:

Import

A namespace can be imported using its name as the accessor ID:

$ terraform import vault_namespace.example <name>

If the imported resource is declared with a provider alias that sets a namespace, then the name is relative to that namespace path.

provider "vault" {
  # Configuration options
  namespace = "example"
  alias     = "example"
}

resource "vault_namespace" "example2" {
  provider = vault.example
  path     = "example2"
}

$ terraform import vault_namespace.example2 example2

$ terraform state show vault_namespace.example2
# vault_namespace.example2:
resource "vault_namespace" "example2" {
    id           = "example/example2/"
    namespace_id = <known after import>
    path         = "example2"
    path_fq      = "example2"
}

Tutorials

Refer to the Codify Management of Vault Enterprise Using Terraform tutorial for additional examples using Vault namespaces.