---
layout: "vault"
page_title: "Vault: vault_generic_secret resource"
sidebar_current: "docs-vault-resource-generic-secret"
description: |-
  Writes arbitrary data to a given path in Vault
---

# vault\_generic\_secret

Writes and manages arbitrary data at a given path in Vault.

This resource is primarily intended to be used with
[Vault's "generic" secret backend](https://www.vaultproject.io/docs/secrets/generic/index.html),
but it is also compatible with any other Vault endpoint that supports
the `vault write` command to create and the `vault delete` command to
delete.

~> **Important** All data provided in the resource configuration will be
written in cleartext to state and plan files generated by Terraform, and
will appear in the console output when Terraform runs. Protect these
artifacts accordingly. See
[the main provider documentation](../index.html)
for more details.
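
The warning above can be checked against an existing state file. The following is an added example, not part of the original documentation or the provider's code: a Python auditor that assumes the Terraform state version 4 JSON layout (`resources[].instances[].attributes`). The sample state and the function name `find_cleartext_secrets` are constructed for illustration.

```python
import json

# Constructed sample in the Terraform state v4 layout (assumption); not real data.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "vault_generic_secret", "name": "example",
         "instances": [{"attributes": {
             "path": "secret/foo",
             "data_json": "{\"foo\": \"bar\", \"pizza\": \"cheese\"}"}}]},
        {"mode": "managed", "type": "null_resource", "name": "noop",
         "instances": [{"attributes": {"id": "1"}}]},
    ],
})


def find_cleartext_secrets(state_text):
    """Return one finding per vault_generic_secret instance that carries data_json.

    Findings list the Vault path and the secret's key names only, so the
    report itself never repeats the secret values.
    """
    state = json.loads(state_text)
    findings = []
    for res in state.get("resources", []):
        if res.get("type") != "vault_generic_secret":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            raw = attrs.get("data_json")
            if not raw:
                continue
            try:
                parsed = json.loads(raw)
                keys = sorted(parsed) if isinstance(parsed, dict) else []
            except ValueError:
                keys = []  # not valid JSON, but still cleartext in state
            findings.append({
                "address": "vault_generic_secret." + res.get("name", "?"),
                "path": attrs.get("path"),
                "secret_keys": keys,
            })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_secrets(SAMPLE_STATE):
        print("cleartext secret in state:", f["address"], f["path"], f["secret_keys"])
```

Any finding means the state file, and any plan file produced from the same configuration, must be stored and access-controlled as a secret.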

## Example Usage

```hcl
resource "vault_generic_secret" "example" {
  path = "secret/foo"

  data_json = <<EOT
{
  "foo": "bar",
  "pizza": "cheese"
}
EOT
}
```

## Argument Reference

The following arguments are supported:

* `path` - (Required) The full logical path at which to write the given
  data. To write data into the "generic" secret backend mounted in Vault by
  default, this should be prefixed with `secret/`. Writing to other backends
  with this resource is possible; consult each backend's documentation to
  see which endpoints support the `PUT` and `DELETE` methods.

* `data_json` - (Required) String containing a JSON-encoded object that
  will be written as the secret data at the given path.

* `allow_read` - (Optional) True/false. Set this to true if your Vault
  authentication is able to read the data; this allows the resource to be
  compared and updated. Defaults to false.

## Required Vault Capabilities

Use of this resource requires the `create` or `update` capability
(depending on whether the resource already exists) on the given path,
along with the `delete` capability if the resource is removed from
configuration.

This resource does not *read* the secret data back from Vault
on refresh by default. This avoids the need for `read` access on the given
path, but it means that Terraform is not able to detect and repair
"drift" on this resource should the data be updated or deleted outside
of Terraform. This limitation can be lifted by setting `allow_read` to
`true`.

## Attributes Reference

No additional attributes are exported by this resource.