terraform/website/source/docs/providers/vault/r/generic_secret.html.md

---
layout: "vault"
page_title: "Vault: vault_generic_secret resource"
sidebar_current: "docs-vault-resource-generic-secret"
description: |-
  Writes arbitrary data to a given path in Vault
---

# vault\_generic\_secret

Writes and manages arbitrary data at a given path in Vault.

This resource is primarily intended to be used with
[Vault's "generic" secret backend](https://www.vaultproject.io/docs/secrets/generic/index.html),
but it is also compatible with any other Vault endpoint that supports
the `vault write` command to create and the `vault delete` command to
delete.

~> **Important** All data provided in the resource configuration will be
written in cleartext to state and plan files generated by Terraform, and
will appear in the console output when Terraform runs. Protect these
artifacts accordingly. See
[the main provider documentation](../index.html)
for more details.

## Example Usage

```
resource "vault_generic_secret" "example" {
  path = "secret/foo"

  data_json = <<EOT
{
  "foo":   "bar",
  "pizza": "cheese"
}
EOT
}
```

## Argument Reference

The following arguments are supported:

* `path` - (Required) The full logical path at which to write the given
data. To write data into the "generic" secret backend mounted in Vault by
default, this should be prefixed with `secret/`. Writing to other backends
with this resource is possible; consult each backend's documentation to
see which endpoints support the `PUT` and `DELETE` methods.

* `data_json` - (Required) String containing a JSON-encoded object that
will be written as the secret data at the given path.

## Required Vault Capabilities

Use of this resource requires the `create` or `update` capability
(depending on whether the resource already exists) on the given path,
along with the `delete` capbility if the resource is removed from
configuration.

This resource does not *read* the secret data back from Terraform
on refresh. This avoids the need for `read` access on the given
path, but it means that Terraform is not able to detect and repair
"drift" on this resource should the data be updated or deleted outside
of Terraform.

## Attributes Reference

No additional attributes are exported by this resource.
website: documentation for the vault provider 2016-10-01 03:27:05 +02:00			`---`
			`layout: "vault"`
			`page_title: "Vault: vault_generic_secret resource"`
			`sidebar_current: "docs-vault-resource-generic-secret"`
			`description: \|-`
			`Writes arbitrary data to a given path in Vault`
			`---`

			`# vault\_generic\_secret`

			`Writes and manages arbitrary data at a given path in Vault.`

			`This resource is primarily intended to be used with`
			`[Vault's "generic" secret backend](https://www.vaultproject.io/docs/secrets/generic/index.html),`
			`but it is also compatible with any other Vault endpoint that supports`
			the `vault write` command to create and the `vault delete` command to
			`delete.`

			`~> Important All data provided in the resource configuration will be`
			`written in cleartext to state and plan files generated by Terraform, and`
			`will appear in the console output when Terraform runs. Protect these`
			`artifacts accordingly. See`
			`[the main provider documentation](../index.html)`
			`for more details.`

			`## Example Usage`

			```
			`resource "vault_generic_secret" "example" {`
			`path = "secret/foo"`

			`data_json = <<EOT`
			`{`
			`"foo": "bar",`
			`"pizza": "cheese"`
			`}`
			`EOT`
			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `path` - (Required) The full logical path at which to write the given
			`data. To write data into the "generic" secret backend mounted in Vault by`
			default, this should be prefixed with `secret/`. Writing to other backends
			`with this resource is possible; consult each backend's documentation to`
			see which endpoints support the `PUT` and `DELETE` methods.

			* `data_json` - (Required) String containing a JSON-encoded object that
			`will be written as the secret data at the given path.`

			`## Required Vault Capabilities`

			Use of this resource requires the `create` or `update` capability
			`(depending on whether the resource already exists) on the given path,`
			along with the `delete` capbility if the resource is removed from
			`configuration.`

			`This resource does not read the secret data back from Terraform`
			on refresh. This avoids the need for `read` access on the given
			`path, but it means that Terraform is not able to detect and repair`
			`"drift" on this resource should the data be updated or deleted outside`
			`of Terraform.`

			`## Attributes Reference`

			`No additional attributes are exported by this resource.`