vault_generic_secret data source documentation is confusing #470
Comments
@brunopadz I have exactly the same error, I can get my credentials with

```
data.vault_generic_secret.aws_creds: Reading...
╷
│ Error: no secret found at "cubbyhole/aws"
│
│ with data.vault_generic_secret.aws_creds,
│ on main.tf line 10, in data "vault_generic_secret" "aws_creds":
│ 10: data "vault_generic_secret" "aws_creds" {
```

I tried with different paths, with and without /data, but no results. Unfortunately the main link about the resource doesn't contain the necessary information: https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/generic_secret

As the main source of code I used this manual: https://dev.to/aws-builders/deploying-iac-with-your-secrets-in-terraform-vault-4ggc

My Vault version: 1.12.0
Terraform version: 1.3.3
@Andr1500 which version of Vault provider are you running? Here's a snippet that is currently working

```hcl
data "vault_generic_secret" "watchdog" {
  path = "tools/watchdog/${local.stack}-${local.env}"
}

resource "kubernetes_secret" "alertmanager_secrets" {
  metadata {
    name      = "alertmanager-secrets"
    namespace = "observability"
  }

  data = {
    watchdog_webhook_url = sensitive(data.vault_generic_secret.watchdog.data["WEBHOOK_URL"])
  }
}
```
@brunopadz "Installed hashicorp/vault v3.10.0 (signed by HashiCorp), hashicorp/aws v4.36.1"
Have you tried following the example I provided @Andr1500? Since I don't know how your Vault is configured and your secrets are stored it's kinda hard to help you out.
@brunopadz sorry, but I don't understand how your example works, especially "data.vault_generic_secret.watchdog.data". Can you please share your path of credentials in Vault (in GUI)?
Hi there,

I recently tried to use `vault_generic_secret` with data source with a Vault server to retrieve access keys and had a hard time doing it just because the documentation is confusing regarding how to define the path to the secret.

We are not using the "generic secret backend", but the kv version 1. Documentation says:

So I tried to validate the path with `vault` cli:

The same path didn't work out with Terraform data source.

Then there is also this additional information from the doc:

So I tried with prepending with `secret`, but without success. Also, I couldn't find in the Vault documentation more details on the expected path.

After several attempts with path variations, I found that the actual path is `/kv/apps/foo/bar/pagerduty`, without the `data` path.

Terraform Version
Affected Resource(s)
vault_generic_secret
Terraform Configuration Files
Expected Behavior
I should have clear explanation about how to build the path depending on the Vault backend.
Actual Behavior
It's confusing.
Steps to Reproduce
`terraform apply` in the same directory where the files are located.