Question
I am using a Vault server with Consul as a storage backend and trying to fetch a password value using the Vault provider in Terraform, but it doesn't fetch its value. I stored my secrets at location secret/instances.
main.tf
provider "vault" {
  address = "https://<IP_ADDRESS>:<PORT_NUMBER>"
  token   = "118bb796-d715-8ce4-b987-7f354ff3f5a7"
}

data "vault_generic_secret" "mypass" {
  path = "secret/instances/password"
}

output "mypassword" {
  value = "${data.vault_generic_secret.mypass.data["value"]}"
}

When I run terraform apply it shows:
data.vault_generic_secret.mypass: Refreshing state...
data.vault_generic_secret.mypass: Refreshing state...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Please suggest what I have done wrong here, as it does not fetch the value of the password from Vault.
Answer 1:
I also ran into a similar issue and found this post. In my case the issue was with compatibility between Terraform and Vault. I was using KV version 2, which is not compatible with Terraform v0.11.10.
Related Issue: GitHub Link
So I will try to write my answer with a working example and environment details, as it might help other people.
Vault Version: Vault 0.10.1
Secret Engine Type: KV Version 1
Path: srekv1/development
Terraform Version: Terraform v0.11.10
- provider.local v1.1.0
- provider.vault v1.1.4
Terraform Code to pull secret:
provider "vault" {
  address         = "https://vault-myappXXX.net"
  skip_tls_verify = true
  token           = "95XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

data "vault_generic_secret" "srekv1" {
  path = "srekv1/development"
}

output Namekv1 {
  value = "${data.vault_generic_secret.srekv1.data["Name"]}"
}
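The KV version 1 versus version 2 difference mentioned in the answer above, shown at the level of Vault's HTTP API. This is an added example, not part of the original answer. The function names are hypothetical, and the mount table and responses are constructed sample data.

```python
# Added illustration: how KV v1 and KV v2 differ in read path and response shape.
# All sample data below is constructed; function names are hypothetical.

# Constructed excerpt of a GET /v1/sys/mounts response.
SAMPLE_MOUNTS = {
    "secret/": {"type": "kv", "options": {"version": "2"}},
    "srekv1/": {"type": "kv", "options": {"version": "1"}},
    "sys/": {"type": "system", "options": None},
}

# Constructed read responses for one secret on each engine version.
SAMPLE_V1_RESPONSE = {"data": {"Name": "example-name"}}
SAMPLE_V2_RESPONSE = {
    "data": {
        "data": {"value": "example-password"},
        "metadata": {"version": 1, "destroyed": False},
    }
}


def resolve_mount(mounts, logical_path):
    """Return (mount, kv_version) for the longest mount prefix of logical_path."""
    path = logical_path.strip("/") + "/"
    matches = [m for m in mounts if path.startswith(m)]
    if not matches:
        raise LookupError("no mount covers " + logical_path)
    mount = max(matches, key=len)
    entry = mounts[mount]
    if entry.get("type") != "kv":
        raise ValueError(mount + " is not a KV secrets engine")
    # A KV mount without a version option is version 1.
    version = int((entry.get("options") or {}).get("version", "1"))
    return mount, version


def api_read_path(mounts, logical_path):
    """HTTP API path for reading the secret; KV v2 inserts 'data/' after the mount."""
    mount, version = resolve_mount(mounts, logical_path)
    rest = logical_path.strip("/")[len(mount):]
    infix = "data/" if version == 2 else ""
    return "/v1/" + mount + infix + rest


def extract_field(response, kv_version, field):
    """Pull one key out of a read response; KV v2 nests the pairs under data.data."""
    payload = response["data"]["data"] if kv_version == 2 else response["data"]
    return payload.get(field)
```

Reading a version 2 response with version 1 assumptions finds only the `data` and `metadata` keys at the top level, so a lookup of `value` there comes back empty.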
Answer 2:
vault_generic_secret should be defined in a resource block.
You have defined it in a data block.
Ref: https://www.terraform.io/docs/providers/vault/d/aws_access_credentials.html
Source: https://stackoverflow.com/questions/47309229/fetching-vault-secret-value-using-terraform