Terraform Provider Vault

Terraform Vault provider
Alternatives To Terraform Provider Vault
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
9 days ago21gpl-3.0Go
Modern self-hosting framework, fully automated from empty disk to operating services with a single command.
Vault Guides936
3 months ago4April 06, 202157mpl-2.0Shell
Example usage of HashiCorp Vault secrets management
Terraform Aws Vault653
4 months ago63August 18, 202171apache-2.0HCL
A Terraform Module for how to run Vault on AWS using Terraform and Packer
Terraform Provisioner Ansible526
2 years ago22December 06, 202010apache-2.0Go
Ansible with Terraform 0.14.x
Vault On Gke465
2 years ago8apache-2.0HCL
Run @HashiCorp Vault on Google Kubernetes Engine (GKE) with Terraform
10 months agon,ullgpl-3.0
Enable enthusiasts and administrators alike to easily provision highly available and production-ready Kubernetes clusters on Proxmox VE.
Terraform Provider Vault40332 days ago28February 25, 2022391mpl-2.0Go
Terraform Vault provider
2 months ago1mitJavaScript
HashiQube - All the Hashicorp products in a Container or VM for anyone to demo or practise with.
9 days ago17unlicenseGo
Command-line processor for HashiCorp config files, like sed for HCL — Terraform, Consul, Nomad, Vault
Vault Infra204
a year agomitHCL
Terraform to create Vault infrastructure
Alternatives To Terraform Provider Vault
Select To Compare

Alternative Project Comparisons

Terraform Provider


This provider plugin is maintained by the Vault team at HashiCorp.

Best Practices

We recommend that you avoid placing secrets in your Terraform config or state file wherever possible, and if placed there, you take steps to reduce and manage your risk. We have created a practical guide on how to do this with our opensource versions in Best Practices for Using HashiCorp Terraform with HashiCorp Vault:

Best Practices for Using HashiCorp Terraform with HashiCorp Vault

This webinar walks you through how to protect secrets when using Terraform with Vault. Additional security measures are available in paid Terraform versions as well.


  • Terraform 0.12.x and above, we recommend using the latest stable release whenever possible.
  • Go 1.19 (to build the provider plugin)

Building The Provider

Clone repository to: $GOPATH/src/github.com/hashicorp/terraform-provider-vault

$ mkdir -p $GOPATH/src/github.com/hashicorp; cd $GOPATH/src/github.com/hashicorp
$ git clone [email protected]:hashicorp/terraform-provider-vault

Enter the provider directory and build the provider

$ cd $GOPATH/src/github.com/hashicorp/terraform-provider-vault
$ make build

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (version 1.19+ is required). You'll also need to correctly setup a GOPATH, as well as adding $GOPATH/bin to your $PATH.

To compile the provider, run make build. This will build the provider and put the provider binary in the $GOPATH/bin directory.

$ make build
$ $GOPATH/bin/terraform-provider-vault

In order to test the provider, you can simply run make test.

$ make test

In order to run the full suite of Acceptance tests, you will need the following:

Note: Acceptance tests create real resources, and often cost money to run.

  1. An instance of Vault running to run the tests against
  2. The following environment variables are set:
    • VAULT_ADDR - location of Vault
    • VAULT_TOKEN - token used to query Vault. These tests do not attempt to read ~/.vault-token.
  3. The following environment variables may need to be set depending on which acceptance tests you wish to run. There may be additional variables for specific tests. Consult the specific test(s) for more information.
    • GOOGLE_CREDENTIALS the contents of a GCP creds JSON, alternatively read from GOOGLE_CREDENTIALS_FILE
  4. Run make testacc

If you wish to run specific tests, use the TESTARGS environment variable:

TESTARGS="--run DataSourceAWSAccessCredentials" make testacc

Using a local development build

It's possible to use a local build of the Vault provider with Terraform directly. This is useful when testing the provider outside the acceptance test framework.

Configure Terraform to use the development build of the provider.

warning: backup your ~/.terraformrc before running this command:

cat > ~/.terraformrc <<HERE
provider_installation {
  dev_overrides {
    "hashicorp/vault" = "$HOME/.terraform.d/plugins"
  # For all other providers, install them directly from their origin provider
  # registries as normal. If you omit this, Terraform will _only_ use
  # the dev_overrides block, and so no other providers will be available.
  direct {}

Then execute the dev make target from the project root.

make dev

Now Terraform is set up to use the dev provider build instead of the provider from the HashiCorp registry.

Debugging the Provider

The following is adapted from Debugging Providers.

Starting A Provider In Debug Mode

You can enable debbuging with the make debug target:

make debug

This target will build a binary with compiler optimizations disabled and copy the provider binary to the ~/.terraform.d/plugins directory. Next run Delve on the host machine:

dlv exec --accept-multiclient --continue --headless --listen=:2345 \
  ~/.terraform.d/plugins/terraform-provider-vault -- -debug

The above command enables the debugger to run the process for you. terraform-provider-vault is the name of the executable that was built with the make debug target. The above command will also output the TF_REATTACH_PROVIDERS information:


Connect your debugger, such as your editor or the Delve CLI, to the debug server. The following command will connect with the Delve CLI:

dlv connect :2345

At this point you may set breakpoint in your code.

Running Terraform With A Provider In Debug Mode

Copy the line starting with TF_REATTACH_PROVIDERS from your provider's output. Either export it, or prefix every Terraform command with it.

Run Terraform as usual. Any breakpoints you have set will halt execution and show you the current variable values.

Popular Vault Projects
Popular Terraform Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Terraform Provider