vault_gcp_secret_impersonated_account

Creates an Impersonated Account in the GCP Secrets Engine for Vault.

Each impersonated account is tied to a separately managed Service Account.

Example Usage

resource "google_service_account" "this" {
  account_id = "my-awesome-account"
}

resource "vault_gcp_secret_backend" "gcp" {
  path        = "gcp"
  credentials = file("credentials.json")
}

resource "vault_gcp_secret_impersonated_account" "impersonated_account" {
  backend               = vault_gcp_secret_backend.gcp.path
  impersonated_account  = "this"
  service_account_email = google_service_account.this.email
  token_scopes          = ["https://www.googleapis.com/auth/cloud-platform"]
}
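
A least-privilege variant of the example above, added here and not part of the provider's own documentation: it grants Vault's identity the right to mint tokens on the single target account only, and narrows `token_scopes`. The variable `vault_sa_email` and the resource names are assumptions.

```hcl
# Added example. Assumption: var.vault_sa_email is the service account whose
# key is in credentials.json, i.e. the identity Vault uses to call GCP.
variable "vault_sa_email" {
  type        = string
  description = "Email of the service account Vault authenticates as (assumed input)."
}

resource "google_service_account" "reader" {
  account_id = "bucket-reader" # hypothetical name
}

# Vault needs iam.serviceAccounts.getAccessToken on the target account,
# which roles/iam.serviceAccountTokenCreator grants. Binding it on the
# one service account (not the project) keeps Vault from impersonating
# every other account in the project.
resource "google_service_account_iam_member" "vault_can_impersonate" {
  service_account_id = google_service_account.reader.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "serviceAccount:${var.vault_sa_email}"
}

resource "vault_gcp_secret_backend" "gcp" {
  path        = "gcp"
  credentials = file("credentials.json")
}

resource "vault_gcp_secret_impersonated_account" "reader" {
  backend               = vault_gcp_secret_backend.gcp.path
  impersonated_account  = "reader"
  service_account_email = google_service_account.reader.email

  # Narrower than cloud-platform: issued tokens are limited to the
  # read-only Cloud Storage scope.
  token_scopes = ["https://www.googleapis.com/auth/devstorage.read_only"]

  # Ensure the IAM binding exists before Vault is asked for tokens.
  depends_on = [google_service_account_iam_member.vault_can_impersonate]
}
```

The OAuth scope only caps what a token may be used for; the IAM roles held by the impersonated service account still determine what it can actually access.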

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the fields above, the following attributes are also exposed:

Import

An impersonated account can be imported using its Vault path. For example, referencing the example above:

$ terraform import vault_gcp_secret_impersonated_account.impersonated_account gcp/impersonated-account/project_viewer