vault_generic_secret

Reads arbitrary data from a given path in Vault.

This resource is primarily intended to be used with Vault's "generic" secret backend, but it is also compatible with any other Vault endpoint that supports the vault read command.

Example Usage

Generic secret

data "vault_generic_secret" "rundeck_auth" {
  path = "secret/rundeck_auth"
}

# Rundeck Provider, for example
# For this example, in Vault there is a key named "auth_token" and the value is the token we need to keep secret.
# In general usage, replace "auth_token" with the key you wish to extract from Vault. 

provider "rundeck" {
  url        = "http://rundeck.example.com/"
  auth_token = data.vault_generic_secret.rundeck_auth.data["auth_token"]
}

KV

For this example, consider example as a path for a KV engine.

data "vault_generic_secret" "example_creds" {
  path = "example/creds"
}

data "template_file" "example_template" {
  template = file("./example.tmpl")
  vars = {
    username = data.vault_generic_secret.example_creds.data["username"]
    password = data.vault_generic_secret.example_creds.data["password"]
  }
}

Argument Reference

The following arguments are supported:

Required Vault Capabilities

Use of this resource requires the read capability on the given path.

Attributes Reference

The following attributes are exported: