The credential library for Vault resource allows you to configure a Boundary credential library for Vault.
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_scope" "project" {
  name                   = "project_one"
  description            = "My first scope!"
  scope_id               = boundary_scope.org.id
  auto_create_admin_role = true
}

resource "boundary_credential_store_vault" "foo" {
  name        = "foo"
  description = "My first Vault credential store!"
  address     = "http://127.0.0.1:8200"      # change to Vault address
  # placeholder value: a literal token here ends up in version control and in state
  token       = "s.0ufRo6XEGU2jOqnIr7OlFYP5" # change to valid Vault token
  scope_id    = boundary_scope.project.id
}

resource "boundary_credential_library_vault" "foo" {
  name                = "foo"
  description         = "My first Vault credential library!"
  credential_store_id = boundary_credential_store_vault.foo.id
  path                = "my/secret/foo" # change to Vault backend path
  http_method         = "GET"
}

resource "boundary_credential_library_vault" "bar" {
  name                = "bar"
  description         = "My second Vault credential library!"
  credential_store_id = boundary_credential_store_vault.foo.id
  path                = "my/secret/bar" # change to Vault backend path
  http_method         = "POST"
  http_request_body   = <<EOT
{
  "key": "Value"
}
EOT
}

resource "boundary_credential_library_vault" "baz" {
  name                = "baz"
  description         = "vault username password credential with mapping overrides"
  credential_store_id = boundary_credential_store_vault.foo.id
  path                = "my/secret/baz" # change to Vault backend path
  http_method         = "GET"
  credential_type     = "username_password"
  # names of the fields in the Vault secret that hold each credential part
  credential_mapping_overrides = {
    password_attribute = "alternative_password_label"
    username_attribute = "alternative_username_label"
  }
}

resource "boundary_credential_library_vault" "quz" {
  name                = "quz"
  description         = "vault ssh private key credential with mapping overrides"
  credential_store_id = boundary_credential_store_vault.foo.id
  path                = "my/secret/quz" # change to Vault backend path
  http_method         = "GET"
  credential_type     = "ssh_private_key"
  # names of the fields in the Vault secret that hold each credential part
  credential_mapping_overrides = {
    private_key_attribute            = "alternative_key_label"
    private_key_passphrase_attribute = "alternative_passphrase_label"
    username_attribute               = "alternative_username_label"
  }
}
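
The credential store and the POST library from the configuration above, rewritten so that the Vault token is not a literal in the .tf files and the request body is generated rather than hand-written; this is an added example, not part of the provider documentation. The variable names vault_addr and vault_token and the resource names hardened and bar_json are assumptions, and boundary_scope.project refers to the project scope defined above.

```hcl
# Added example, not from the provider documentation.
# Assumed names: var.vault_addr, var.vault_token, "hardened", "bar_json".

variable "vault_addr" {
  type        = string
  description = "Address of the Vault server"

  # Reject plain-HTTP addresses: the token and every issued credential
  # travel over this connection.
  validation {
    condition     = can(regex("^https://", var.vault_addr))
    error_message = "The Vault address must start with https://."
  }
}

variable "vault_token" {
  type        = string
  description = "Vault token for Boundary, supplied via TF_VAR_vault_token"
  sensitive   = true # redacted in plan/apply output; still written to state
}

resource "boundary_credential_store_vault" "hardened" {
  name        = "hardened"
  description = "Vault credential store without a literal token"
  address     = var.vault_addr
  token       = var.vault_token
  scope_id    = boundary_scope.project.id
}

resource "boundary_credential_library_vault" "bar_json" {
  name                = "bar_json"
  description         = "POST library with a generated request body"
  credential_store_id = boundary_credential_store_vault.hardened.id
  path                = "my/secret/bar" # change to Vault backend path
  http_method         = "POST"

  # jsonencode() always emits valid JSON, so a stray trailing comma in a
  # hand-written heredoc cannot reach Vault.
  http_request_body = jsonencode({
    key = "Value"
  })
}
```

Marking the variable sensitive only redacts it from CLI output; the token is still recorded in the Terraform state, so the state backend needs its own access control and encryption.
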
credential_store_id (String) The ID of the credential store that this library belongs to.
path (String) The path in Vault to request credentials from.
credential_mapping_overrides (Map of String) The credential mapping override.
credential_type (String) The type of credential the library generates. Cannot be updated on an existing resource.
description (String) The Vault credential library description.
http_method (String) The HTTP method the library uses when requesting credentials from Vault. Defaults to 'GET'.
http_request_body (String) The body of the HTTP request the library sends to Vault when requesting credentials. Only valid if http_method is set to POST.
name (String) The Vault credential library name. Defaults to the resource name.
id (String) The ID of the Vault credential library.

Import is supported using the following syntax:
terraform import boundary_credential_library_vault.foo <my-id>