This data source supports the "/transform/encode/{role_name}" Vault endpoint.
It encodes the provided value using a named role.
resource "vault_mount" "transform" {
path = "transform"
type = "transform"
}
resource "vault_transform_transformation" "ccn-fpe" {
path = vault_mount.transform.path
name = "ccn-fpe"
type = "fpe"
template = "builtin/creditcardnumber"
tweak_source = "internal"
allowed_roles = ["payments"]
}
resource "vault_transform_role" "payments" {
path = vault_transform_transformation.ccn-fpe.path
name = "payments"
transformations = ["ccn-fpe"]
}
data "vault_transform_encode" "test" {
path = vault_transform_role.payments.path
role_name = "payments"
batch_input = [{"value":"1111-2222-3333-4444"}]
}
The following arguments are supported:
namespace
- (Optional) The namespace of the target resource.
The value should not contain leading or trailing forward slashes.
The namespace
is always relative to the provider's configured namespace.
Available only for Vault Enterprise.
path
- (Required) Path to where the back-end is mounted within Vault.
batch_input
- (Optional) Specifies a list of items to be encoded in a single batch. If this parameter is set, the parameters 'value', 'transformation' and 'tweak' will be ignored. Each batch item within the list can specify these parameters instead.batch_results
- (Optional) The result of encoding a batch.encoded_value
- (Optional) The result of encoding a value.role_name
- (Required) The name of the role.transformation
- (Optional) The transformation to perform. If no value is provided and the role contains a single transformation, this value will be inferred from the role.tweak
- (Optional) The tweak value to use. Only applicable for FPE transformationsvalue
- (Optional) The value in which to encode.