Reads key data from Vault.
resource "vault_mount" "pki" {
path = "pki"
type = "pki"
description = "PKI secret engine mount"
}
resource "vault_pki_secret_backend_key" "key" {
backend = vault_mount.pki.path
type = "internal"
key_name = "example"
key_type = "rsa"
key_bits = "4096"
}
data "vault_pki_secret_backend_key" "example" {
backend = vault_mount.key.path
key_ref = vault_pki_secret_backend_key.key.key_id
}
The following arguments are supported:
namespace
- (Optional) The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace
is always relative to the provider's configured namespace.
Available only for Vault Enterprise.
backend
- (Required) The path to the PKI secret backend to
read the key from, with no leading or trailing /
s.
key_ref
- (Required) Reference to an existing key.
In addition to the arguments above, the following attributes are exported:
key_name
- Name of the key.
key_id
- ID of the key.
key_type
- Type of the key.