How to create a HashiCorp Vault user using Terraform

I am trying to create a Vault user in Terraform but can't seem to find the appropriate command to do so. I've searched the Terraform Registry and also performed some online searches but all to no avail.

All I'm looking to do is create a user, using the corresponding Terraform command to the Vault CLI command below:

vault write auth/userpass/users/bob password="passworld123" policies="default" 

Any suggestions?




Solution 1:[1]

@hitman126 I guess you can make use of the 'vault' provider module and the 'vault_auth_backend' resource block. I guess your code should look something like the below:

terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
      version = "3.5.0"
    }
  }
}

provider "vault" {

}

resource "vault_auth_backend" "example" {
  type = "userpass"
}

resource "vault_generic_secret" "developer_sample_data" {
  path = "secret/foo"

  data_json = <<EOT
{
  "username": "bob",
  "password": "passworld123"
}
EOT
}

In the above code block, path is the full logical path where the given data is written. To write data into the "generic" secret backend mounted in Vault by default, this should be prefixed with 'secret/'.

This might not be a full-fledged solution, but you can try something like this.

Solution 2:

If you have installed Vault on the machine and you would like to achieve the above use case using the vault command alone (if you don't want to use the terraform-vault provider), then you can try something like the below:

  1. Create one small sh script with the above vault command (vault-write.sh).

touch vault-write.sh

The content of the script can be similar to the below:

#!/bin/sh
vault write auth/userpass/users/bob password="passworld123" policies="default"

chmod +x vault-write.sh

  2. Create a .tf file with a null resource and a local-exec provisioner, and invoke this sh script.

touch vault.tf

The contents of the vault.tf file can be similar to the below:

terraform {
  required_version = "~> 1.1.1"
}

resource "null_resource" "vault_write" {
  provisioner "local-exec" {
    command = "/bin/sh vault-write.sh"
  }
}
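
An added example, not part of the original answer: writing to secret/foo stores the data as a KV secret and does not create a login under auth/userpass, whereas the Vault provider's vault_generic_endpoint resource can write to the same API path as the CLI command in the question. The variable name bob_password is an assumption made for this sketch.

```hcl
# Terraform equivalent of:
#   vault write auth/userpass/users/bob password=... policies="default"

terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

# Address and token are taken from VAULT_ADDR and VAULT_TOKEN.
provider "vault" {}

# Assumed variable name. Supply it through TF_VAR_bob_password or a
# secrets-aware pipeline instead of hardcoding the password in the .tf file.
variable "bob_password" {
  type      = string
  sensitive = true
}

# Enables the userpass auth method at the default mount, auth/userpass.
resource "vault_auth_backend" "userpass" {
  type = "userpass"
}

# Writes the user to the same path the CLI command targets.
resource "vault_generic_endpoint" "bob" {
  depends_on = [vault_auth_backend.userpass]
  path       = "auth/userpass/users/bob"

  # The password is never returned when the endpoint is read back, so
  # fields absent from the read are treated as up to date.
  ignore_absent_fields = true

  # jsonencode avoids hand-written JSON and quoting mistakes.
  data_json = jsonencode({
    password = var.bob_password
    policies = ["default"]
  })
}
```

Marking the variable sensitive only hides it from plan and apply output; the password is still stored in the Terraform state, so the state backend needs encryption and restricted access.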

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1