[Enhancement]: Allow updating vault_kv_secret_v2 metadata with disable_read=true #2273

Open
mxk opened this issue Jun 13, 2024 · 0 comments
mxk commented Jun 13, 2024

Description

We are using Terraform to provision our Vault, but we cannot have any secrets show up in the state. We would like to use vault_kv_secret_v2 to create keys and optionally set non-secret metadata. With disable_read=true, we understand that drift would not be detected, but the desired behavior is that any updates to the metadata in Terraform config would be applied.

Currently, this does not work because with data_json set to "{}", any metadata changes wipe all the actual data that was set via the Vault CLI.

Affected Resource(s) and/or Data Source(s)

  • vault_kv_secret_v2

Potential Terraform Configuration

resource "vault_kv_secret_v2" "main" {
  mount               = vault_mount.main.path
  name                = "key"
  disable_read        = true
  delete_all_versions = true
  data_json           = "{}" # Would rather set to null

  custom_metadata {
    data = { key = "value" }
  }
}

References

No response

Would you like to implement a fix?

No
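
A possible interim approach to the request above, as an added example that is not part of the original issue and is not the provider's documented method: write only to the KV v2 metadata endpoint through `vault_generic_endpoint`, so no data version is ever written from Terraform. The resource name `key_metadata` is hypothetical, the mount reference and key name are taken from the issue's configuration, and the behaviour is an assumption based on the KV v2 HTTP API rather than something tested here.

```hcl
# Added example; assumes the KV v2 mount is managed as vault_mount.main
# and the secret is named "key", as in the issue's configuration.
resource "vault_generic_endpoint" "key_metadata" {
  # KV v2 stores metadata under <mount>/metadata/<name>, separately from
  # the versioned secret data under <mount>/data/<name>. Writing here does
  # not create a new data version.
  path = "${vault_mount.main.path}/metadata/key"

  # Do not read the endpoint back, so nothing returned by Vault is
  # copied into the Terraform state. Drift is not detected.
  disable_read = true

  # Do not issue a DELETE on destroy: deleting the metadata path removes
  # the key together with all of its versions.
  disable_delete = true

  # Only non-secret metadata is sent, and only this value is kept in state.
  data_json = jsonencode({
    custom_metadata = { key = "value" }
  })
}
```

The secret data itself is then set out of band (for example with the Vault CLI, as the issue describes) and never passes through Terraform.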
