A repository to manage the configuration of Vault secret engines, authentication modes and policies.
2026-01-04 23:37:23 +11:00
policies feat: add prowlarr access 2026-01-04 23:36:43 +11:00
resources/k8s/syd1/au/generated_role_rules feat: label kubernetes ephemeral serviceaccounts 2025-12-07 12:41:37 +11:00
.gitignore feat: import current status 2024-09-23 22:01:18 +10:00
.pre-commit-config.yaml chore: allow long lines in yamllint 2025-12-01 21:50:49 +11:00
auth_approle_certmanager.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_incus_cluster.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_packer_builder.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_puppetapi.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_rpmbuilder.tf chore: fix policies for rpmbuilder 2025-11-30 21:24:06 +11:00
auth_approle_rundeck-role.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_sshsign-host-role.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_sshsigner.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_terraform_incus.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_terraform_nomad.tf feat: update policy names to be path based 2025-11-15 10:48:17 +11:00
auth_approle_terraform_repoflow.tf feat: add policy to read terraform vars 2025-12-13 10:56:58 +11:00
auth_approle_tf_vault.tf feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster 2025-11-27 23:22:13 +11:00
auth_backend_approle.tf feat: import current status 2024-09-23 22:01:18 +10:00
auth_backend_kubernetes.tf feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster 2025-11-27 23:22:13 +11:00
auth_backend_ldap.tf fix: fix vault_* groups 2024-10-21 20:01:21 +11:00
auth_kubernetes_roles.tf feat: add prowlarr access 2026-01-04 23:36:43 +11:00
engine_k8s_au_syd1.tf feat: label kubernetes ephemeral serviceaccounts 2025-12-07 12:41:37 +11:00
engine_kv.tf feat: import current status 2024-09-23 22:01:18 +10:00
engine_pki_int.tf feat: import current status 2024-09-23 22:01:18 +10:00
engine_pki_root.tf feat: import current status 2024-09-23 22:01:18 +10:00
engine_rundeck.tf feat: import current status 2024-09-23 22:01:18 +10:00
engine_ssh-host-signer.tf feat: import current status 2024-09-23 22:01:18 +10:00
engine_sshca.tf feat: import current status 2024-09-23 22:01:18 +10:00
engine_transit.tf feat: add transit engine 2025-11-15 15:55:51 +11:00
LICENSE Initial commit 2024-09-09 22:57:00 +10:00
main.tf feat: move state path in consul 2025-11-27 21:04:44 +11:00
Makefile feat: add makefile 2025-11-16 12:39:32 +11:00
policies.tf feat: rework policies file 2025-11-16 13:08:50 +11:00
README.md feat: import current status 2024-09-23 22:01:18 +10:00
role_pki_int_servers_default.tf feat: manage k8s auth role integration 2025-11-22 23:21:43 +11:00
role_pki_root_2024_servers.tf feat: import current status 2024-09-23 22:01:18 +10:00
role_ssh-host-signer_hostrole.tf feat: import current status 2024-09-23 22:01:18 +10:00
role_sshca_signhost.tf feat: import current status 2024-09-23 22:01:18 +10:00
shared_locals.tf feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster 2025-11-27 23:22:13 +11:00

terraform-vault

A repository to manage the configuration of Vault secret engines, authentication modes and policies.

Usage

  1. Initialize Terraform

Once you have your backend block configured, you need to initialize your Terraform working directory to configure the backend:

terraform init

This command initializes the backend and checks the connection to Consul. If everything is set up correctly, Terraform will start using Consul as its backend for storing the state.

  2. Common terraform init Errors

If you encounter errors while running terraform init, check the following:

Consul server is reachable: Make sure that the address is correct and that you can connect to the Consul server.
Consul token (if using ACLs): Verify that the token has the correct permissions to write to the specified path in the Consul KV store.
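
Both checks can be scripted and run before terraform init. The script below is an added example, not part of this repository: it writes and then deletes a probe key under the state path and maps the HTTP status to the causes listed above. It assumes CONSUL_HTTP_ADDR includes the scheme, the ACL token (if any) is in CONSUL_HTTP_TOKEN, and the token's rule also covers keys under the path; the probe key name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for `terraform init` against the Consul backend.
# Assumptions: CONSUL_HTTP_ADDR includes the scheme, the ACL token (if any) is
# in CONSUL_HTTP_TOKEN, and the token's rule also covers keys under the path.
CONSUL_HTTP_ADDR="${CONSUL_HTTP_ADDR:-http://127.0.0.1:8500}"
STATE_PATH="${STATE_PATH:-terraform/state}"   # path from this README

# Map the HTTP status of a KV request to the failure causes the README lists.
classify_status() {
  case "$1" in
    200) echo "ok" ;;
    000) echo "unreachable" ;;    # curl reports 000 when no connection was made
    403) echo "acl-denied" ;;     # token missing or lacks write on the key
    5??) echo "server-error" ;;   # Consul answered but could not serve the request
    *)   echo "unexpected" ;;
  esac
}

# Send one KV request and print only its HTTP status code.
kv_request() {  # $1 = HTTP method, $2 = key
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 -X "$1" \
    -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN:-}" \
    --data 'preflight' "${CONSUL_HTTP_ADDR}/v1/kv/$2" || true
}

# Write then delete a probe key under the state path, reporting the outcome.
preflight() {
  probe="${STATE_PATH}/.preflight-probe"   # hypothetical probe key name
  result=$(classify_status "$(kv_request PUT "$probe")")
  echo "PUT ${CONSUL_HTTP_ADDR}/v1/kv/${probe}: ${result}"
  [ "$result" = "ok" ] || return 1
  kv_request DELETE "$probe" >/dev/null    # remove the probe key again
}

# Run the check only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

A result of acl-denied points at the token's policy and unreachable at the address or network path, matching the two checks above.
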

  3. Example Consul KV Structure

In Consul, the state file will be stored in the KV store under the specified path:

terraform/state

You can check the Consul KV store by accessing the Consul UI or using the consul kv command to see the stored Terraform state:

consul kv get terraform/state