This terraform module mounts GCP Secrets backend with an ACL templated policy. This is designed to run once in a given Vault namespace. Thereafter GCP rolesets would be created independently, using the output of this module to determine the mounted backend path.
GCP SA credentials must be presented as variable with the json contents. It is strongly advised to rotate the key immediately after it setup successfully.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
http://127.0.0.1:8200/v1/gcp/config/rotate-root
Usage:
module "vault_gcp_secrets" {
source = "git::https://github.com/devops-adeel/terraform-vault-secrets-gcp.git?ref=v0.7.3"
credentials = var.credentials
}| Name | Version |
|---|---|
| vault | ~> 2.21.0 |
| Name | Version |
|---|---|
| vault | ~> 2.21.0 |
No modules.
| Name | Type |
|---|---|
| vault_gcp_secret_backend.default | resource |
| vault_identity_group.editor | resource |
| vault_identity_group.rotation | resource |
| vault_identity_group_policies.editor | resource |
| vault_identity_group_policies.rotation | resource |
| vault_policy.editor | resource |
| vault_policy.reader | resource |
| vault_policy.rotation | resource |
| vault_policy_document.editor | data source |
| vault_policy_document.reader | data source |
| vault_policy_document.rotation | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| credentials | GCP SA credentials | string |
n/a | yes |
| Name | Description |
|---|---|
| backend_path | Secrets Backend Path as output |
| identity_group_id | ID of the created Vault Identity Group. |
| reader_policy_name | The name of the GCP Reader Policy |
| rotation_group_id | ID for rotation identity group |