Use Cases

Configure and Populate Vault with Secrets

  • Initial setup and configuration of Vault
  • Populate with secrets
  • State and plans should be stored with care—will contain the secrets written to Vault in plaintext

Use Vault Credentials in Terraform Config

  • Inject 3rd party provider credentials into config
    • Vault manages credentials
  • Only need suitably privileged Vault token—temporary lease of provider credentials
  • Secrets returned from Vault data sources are stored in state, plan and displayed on command line in plaintext
    • Need to ensure adequate protection
    • Vault provider requests Vault token with short TTL by default (20 mins) to reduce attack window

Graph View