vault_kv_secret_v2

Writes a KV-V2 secret to a given path in Vault.

For more information on Vault's KV-V2 secret backend, see the Vault documentation.

Example Usage

resource "vault_mount" "kvv2" {
  path        = "kvv2"
  type        = "kv"
  options     = { version = "2" }
  description = "KV Version 2 secret engine mount"
}

resource "vault_kv_secret_v2" "example" {
  mount                      = vault_mount.kvv2.path
  name                       = "secret"
  cas                        = 1
  delete_all_versions        = true
  data_json                  = jsonencode({
    zip = "zap",
    foo = "bar"
  })
  custom_metadata {
    max_versions = 5
    data = {
      foo = "vault@example.com",
      bar = "12345"
    }
  }
}

Argument Reference

The following arguments are supported:

Required Vault Capabilities

Use of this resource requires the create or update capability (depending on whether the resource already exists) on the given path, the delete capability if the resource is removed from configuration, and the read capability for drift detection (by default).
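
A least-privilege policy for the token Terraform runs with, scoped to the secret from the usage example above. This is an added example, not part of the provider documentation. The policy name is hypothetical, and the metadata rule assumes the KV-V2 API layout, where custom metadata and full deletion (delete_all_versions) go through kvv2/metadata/secret rather than kvv2/data/secret.

```hcl
# Added example: policy for the Terraform token that manages
# vault_kv_secret_v2.example (mount "kvv2", name "secret").
# The policy name below is hypothetical.
resource "vault_policy" "terraform_kvv2_secret" {
  name = "terraform-kvv2-secret"

  policy = <<-EOT
    # Secret data: create/update to write versions, read for drift detection.
    # Assumption: if delete_all_versions is not set, the delete capability
    # belongs on this path instead of the metadata path.
    path "kvv2/data/secret" {
      capabilities = ["create", "update", "read"]
    }

    # Secret metadata (assumed KV-V2 layout): custom_metadata is written and
    # read here, and delete_all_versions = true removes the secret via this path.
    path "kvv2/metadata/secret" {
      capabilities = ["create", "update", "read", "delete"]
    }
  EOT
}
```

Both paths name one secret with no wildcards, so the token cannot read or overwrite other secrets on the same mount.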

Custom Metadata Configuration Options

Attributes Reference

The following attributes are exported in addition to the above:

Import

KV-V2 secrets can be imported using the path, e.g.

$ terraform import vault_kv_secret_v2.example kvv2/data/secret