This provider plugin is maintained by the Vault team at HashiCorp.
We recommend that you avoid placing secrets in your Terraform config or state file wherever possible, and if placed there, you take steps to reduce and manage your risk. We have created a practical guide on how to do this with our opensource versions in Best Practices for Using HashiCorp Terraform with HashiCorp Vault:
This webinar walks you through how to protect secrets when using Terraform with Vault. Additional security measures are available in paid Terraform versions as well.
Clone repository to:
$ mkdir -p $GOPATH/src/github.com/hashicorp; cd $GOPATH/src/github.com/hashicorp $ git clone [email protected]:hashicorp/terraform-provider-vault
Enter the provider directory and build the provider
$ cd $GOPATH/src/github.com/hashicorp/terraform-provider-vault $ make build
If you wish to work on the provider, you'll first need Go installed on your machine (version 1.16+ is required). You'll also need to correctly setup a GOPATH, as well as adding
$GOPATH/bin to your
To compile the provider, run
make build. This will build the provider and put the provider binary in the
$ make build ... $ $GOPATH/bin/terraform-provider-vault ...
In order to test the provider, you can simply run
$ make test
In order to run the full suite of Acceptance tests, you will need the following:
Note: Acceptance tests create real resources, and often cost money to run.
VAULT_ADDR- location of Vault
VAULT_TOKEN- token used to query Vault. These tests do not attempt to read
If you wish to run specific tests, use the
TESTARGS environment variable:
TESTARGS="--run DataSourceAWSAccessCredentials" make testacc