A Terraform module that will create a Google Cloud Platform Service Account with the specified IAM roles applied. The module will also:
- export a service account key and store it at the specified Vault path
- create a Vault GCP Roleset that can be used to fetch a service account token at the specified Vault path
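
```hcl
# Input variable referenced by the google provider below.
variable "project" {}

provider "google" {
  version = "~> 2.12"
  project = var.project
}

# The Vault provider reads its address and token from VAULT_ADDR / VAULT_TOKEN.
provider "vault" {}

module "storage" {
  source = "gendall/service-account-vault/google"
  # Vault path where the exported service account key is stored.
  key = "secrets/data/my-project/google"
  # Vault path from which a service account token can be fetched.
  token = "gcp/token/my-project"
  # IAM roles applied to the service account.
  roles = [
    "roles/storage.objectAdmin"
  ]
}
```
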
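
A downstream configuration that authenticates with the roleset token instead of the exported key, shown as an added example (not part of the module or its README). The policy name is an assumption, and the paths are the ones from the usage example above.

```hcl
# Added example, not from the module: a consumer of the token path.
variable "project" {
  type = string
}

provider "vault" {}

# Least-privilege Vault policy for the consumer: read access to the token
# path only, and no access to the exported key under secrets/data/...
# The policy name is an assumption. A Vault administrator would normally
# apply this policy from a separate configuration.
resource "vault_policy" "gcp_token_reader" {
  name   = "my-project-gcp-token-reader"
  policy = <<-EOT
    path "gcp/token/my-project" {
      capabilities = ["read"]
    }
  EOT
}

# Each read of the roleset path returns a fresh, short-lived OAuth2 access token.
data "vault_generic_secret" "gcp_token" {
  path = "gcp/token/my-project"
}

# The google provider uses the token directly, so no key file is needed.
provider "google" {
  project      = var.project
  access_token = data.vault_generic_secret.gcp_token.data["token"]
}
```

Values read through a Vault data source are written to Terraform state, so protect the state file; the token stored there expires, whereas the exported key stays valid until it is rotated or deleted.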
This module is automatically built and deployed to the Terraform Registry when a Semver tag is pushed to the repo.