[provider/vault] Priority on env vars

[gaelreyrol]

Hi,

When configuring Vault provider I am not able to override vault configuration using environnement variables like VAULT_CACERT or VAULT_CAPATH using this configuration :

provider "vault" {
  address = "https://vault.internal.lan:443"

  ca_cert_file = "/etc/ssl/certs/internal-ca.pem"
  ca_cert_dir  = "/etc/ssl/certs"
}

It prints out the following on a terraform plan when environnement variable VAULT_CACERT is set to /usr/local/etc/openssl/certs/internal-ca.pem

Error refreshing state: 1 error(s) occurred:

* failed to configure TLS for Vault API: Error loading CA File: open /etc/ssl/certs/internal-ca.pem: no such file or directory

Environnement variables should be able to override variables defined in vault provider or am I thinking wrong ?

Thanks

[jbardin]

Hi @zevran,

It's unfortunately the other way around. The environment variables set the default values first when loading the schema, and the config can override them. I agree that this may not be the expected behavior, and I'll see if we have any precedence for this to make sure it's consistent throughout Terraform.

[gaelreyrol]

I understand !
Anyway I'll find a workaround if this issue it's consistent throughout Terraform.
It appears to be so 😄

Thanks the quick answer.

You're doing a great job by the way.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.