terraform-vault/main.tf

#-------------------------------------------
# locals
#-------------------------------------------
locals {
  vault_addr = "https://vault.service.consul:8200"
}

#-----------------------------------------------------------------------------
# Configure this provider through the environment variables:
#    - VAULT_ADDR
#    - VAULT_TOKEN
#-----------------------------------------------------------------------------
provider "vault" {
  address = local.vault_addr
}

#------------------------------------------------------------------------------
# Use remote state file and encrypt it since your state files may contains
# sensitive data.
# export CONSUL_HTTP_TOKEN=<your-token>
#------------------------------------------------------------------------------
terraform {
  backend "consul" {
    address = "https://consul.service.consul"
    path    = "infra/terraform/vault/state"
    scheme  = "https"
    lock    = true
    ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
  }
  required_version = ">= 1.10"
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = "5.4.0"
    }
  }
}