e90070b9a02e84a5d480ad99caf292e531ea7bd3
Manage OpenPGP keys in the gpg engine from Terraform using the new
gpgvaultsecret provider, and create the first key ('pass') for passv.
- Add a gpg_key module wrapping the gpg_key resource; wire it through
vault_cluster (variable + module, depends_on the mount) and config discovery
(config.hcl group keyed <backend>/<name>, syd1 terragrunt input), mirroring
the *_secret_backend_role modules.
- Register the gpg provider in root.hcl (provider block + required_providers,
v0.1.0 from the terraform-unkin registry), alongside litellm.
- Add config/gpg_key/gpg/pass.yaml: an rsa-4096 key 'pass' in the gpg mount for
password-store. Private key stays in Vault; clients import the public key and
delegate decryption to gpg/decrypt/pass.
terraform-vault
A repository to manage the configuration of Vault secret engines, authentication modes and policies.
Usage
- Initialize Terraform
Once you have your backend block configured, you need to initialize your Terraform working directory to configure the backend:
terraform init
This command initializes the backend and checks the connection to Consul. If everything is set up correctly, Terraform will start using Consul as its backend for storing the state.
- Common terraform init Errors
If you encounter errors while running terraform init, check the following:
Consul server is reachable: Make sure that the address is correct and that you can connect to the Consul server.
Consul token (if using ACLs): Verify that the token has the correct permissions to write to the specified path in the Consul KV store.
- Example Consul KV Structure
In Consul, the state file will be stored in the KV store under the specified path:
terraform/state
You can check the Consul KV store by accessing the Consul UI or using the consul kv command to see the stored Terraform state:
consul kv get terraform/state
Languages
HCL
98.9%
Makefile
1.1%