Skip to content

edgelaboratories/terraform-vault-kv-secrets

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
providers.tf
providers.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

terraform-vault-kv-secrets

Store secrets in a Vault KV secret store and generate a policy to access them.

How to use

In your Terraform file, instanciate the module with:

module "droopy_secrets" {
  source = "github.com/edgelaboratories/terraform-vault-kv-secrets.git?ref=v2.0.0"

  owner = "droopy"
  secrets = {
    "foo" = "hello"
    "bar" = "world"
  }
}

This will store secrets under secrets/droopy and generate a policy that allows to read them.

Options

Specific policy

By default, the policy will allow to read the secrets. If specific capabilities must be set, simply list them. E.g.

module "droopy_secrets" {
  ...
  capabilities = ["read", "update"]
}

KV store mount path

If the KV store is not mounted on the path secrets, use the kv_path variable to change it. E.g.

module "droopy_secrets" {
  ...
  kv_path = "secrets-2"
}

Outputs

  • path -- the path where secrets are stored;
  • policy_name -- the name of the generated Vault policy.

About

A Terraform module to store secrets in a Vault KV secrets engine

Topics

terraform

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

8 watching

Forks

1 fork
Report repository

Releases 4

v2.0.0 Latest
Sep 11, 2025
+ 3 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages