vault_secrets_sync_association

Triggers a sync operation in Vault and links a secret to an existing destination. Requires Vault 1.16+. Available only for Vault Enterprise.

For more information on associations, please refer to the Vault documentation.

Example Usage

resource "vault_mount" "kvv2" {
  path        = "kvv2"
  type        = "kv"
  options     = { version = "2" }
  description = "KV Version 2 secret engine mount"
}

resource "vault_kv_secret_v2" "token" {
  mount = vault_mount.kvv2.path
  name  = "token"
  data_json = jsonencode(
    {
      dev  = "B!gS3cr3t",
      prod = "S3cureP4$$"
    }
  )
}

resource "vault_secrets_sync_gh_destination" "gh" {
  name                 = "gh-dest"
  access_token         = var.access_token
  repository_owner     = var.repo_owner
  repository_name      = "repo-name-example"
  secret_name_template = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"
}

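resource "vault_secrets_sync_association" "gh_token" {
  # name and type identify the existing sync destination
  name        = vault_secrets_sync_gh_destination.gh.name
  type        = vault_secrets_sync_gh_destination.gh.type
  # mount and secret_name identify the KV secret to link to it
  mount       = vault_mount.kvv2.path
  secret_name = vault_kv_secret_v2.token.name
}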
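
The following is an added example, not part of the provider documentation, and it goes beyond the single-secret case above: it creates one association per secret with `for_each` and supplies the secret values and the GitHub token through `sensitive` variables instead of literals in the configuration. The variable names `secret_names` and `secret_data` and the resource labels `app` and `per_secret` are assumptions made for this example.

```hcl
# Added example. Variable names and the "app" / "per_secret" labels are assumptions.
variable "access_token" {
  type      = string
  sensitive = true # redacted in plan and apply output
}

variable "repo_owner" {
  type = string
}

variable "secret_names" {
  type = set(string) # e.g. ["token", "db"]; the names themselves are not secret
}

variable "secret_data" {
  type      = map(map(string)) # secret name => key/value pairs
  sensitive = true
}

resource "vault_mount" "kvv2" {
  path    = "kvv2"
  type    = "kv"
  options = { version = "2" }
}

resource "vault_kv_secret_v2" "app" {
  for_each  = var.secret_names
  mount     = vault_mount.kvv2.path
  name      = each.key
  data_json = jsonencode(var.secret_data[each.key])
}

resource "vault_secrets_sync_gh_destination" "gh" {
  name             = "gh-dest"
  access_token     = var.access_token
  repository_owner = var.repo_owner
  repository_name  = "repo-name-example"
}

# One association per secret: each links a single KV secret to the destination.
# for_each uses the non-sensitive name set; the reference to
# vault_kv_secret_v2.app keeps the secret created before it is associated.
resource "vault_secrets_sync_association" "per_secret" {
  for_each    = var.secret_names
  name        = vault_secrets_sync_gh_destination.gh.name
  type        = vault_secrets_sync_gh_destination.gh.type
  mount       = vault_mount.kvv2.path
  secret_name = vault_kv_secret_v2.app[each.key].name
}
```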

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported in addition to the above: