Hashicorp Vault - Update approle secret_id using Terraform

by Jeremy Canfield | Updated: July 18 2024 | Hashicorp Vault articles

This assumes the following has already been done.
- Hashicorp Vault has been installed
- Hashicorp Vault has been initialized
- Hashicorp Vault has been unsealed
- You have logged into the vault
This also assumes you have set up and configured Terraform for Hashicorp Vault. If not, check out my article FreeKB - Hashicorp Vault - Getting Started with Terraform.
This also assumes you have already created an approle role using Terraform. If not, check out my article FreeKB - Hashicorp Vault - Create role using Terraform.
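By default, running the terraform apply command again does not update or change the approle role secret_id. If you want the secret_id to be updated each and every time you run the terraform apply command, add a lifecycle block with replace_triggered_by that points at a resource which changes on every run. In this example that resource is a null_resource whose trigger is the current timestamp. Terraform then replaces the secret_id resource (destroys it and creates it again) on every apply, so anything that authenticates with the old secret_id has to be given the new one.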
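```hcl
# timestamp() returns a new value on every run, so this resource
# is replaced on every terraform apply.
resource "null_resource" "always_run" {
  triggers = {
    timestamp = timestamp()
  }
}

# The approle auth backend and the role are assumed to be defined
# already (see the articles linked above).
resource "vault_approle_auth_backend_role_secret_id" "id" {
  backend   = vault_auth_backend.approle.path
  role_name = vault_approle_auth_backend_role.foo-role.role_name

  lifecycle {
    # Replace the secret_id whenever null_resource.always_run is replaced.
    replace_triggered_by = [
      null_resource.always_run
    ]
  }
}
```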
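To confirm before applying that a plan really will replace the secret_id, you can inspect the JSON form of a saved plan (terraform plan -out=tfplan, then terraform show -json tfplan). The following is an added example, not part of the original article: the function names are hypothetical and SAMPLE_PLAN is a constructed, trimmed plan document that uses the resource addresses from the configuration above.

```python
import json

SECRET_ID_TYPE = "vault_approle_auth_backend_role_secret_id"

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this check reads. Addresses match the configuration above.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "null_resource.always_run", "type": "null_resource",
         "change": {"actions": ["delete", "create"]}},
        {"address": "vault_approle_auth_backend_role_secret_id.id",
         "type": SECRET_ID_TYPE,
         "action_reason": "replace_by_triggers",
         "change": {"actions": ["delete", "create"]}},
        {"address": "vault_approle_auth_backend_role.foo-role",
         "type": "vault_approle_auth_backend_role",
         "change": {"actions": ["no-op"]}},
    ],
})


def secret_id_rotations(plan_json):
    """Return {address: action_reason} for every secret_id the plan replaces."""
    plan = json.loads(plan_json)
    rotations = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != SECRET_ID_TYPE:
            continue
        actions = set(rc.get("change", {}).get("actions", []))
        # A replacement is a delete plus a create, in either order.
        if actions == {"delete", "create"}:
            rotations[rc["address"]] = rc.get("action_reason", "unknown")
    return rotations


def unrotated_secret_ids(plan_json):
    """Return addresses of existing secret_id resources the plan leaves in place."""
    plan = json.loads(plan_json)
    rotated = secret_id_rotations(plan_json)
    return sorted(rc["address"] for rc in plan.get("resource_changes", [])
                  if rc.get("type") == SECRET_ID_TYPE
                  and rc["address"] not in rotated
                  and rc.get("change", {}).get("actions") != ["create"])


if __name__ == "__main__":
    print("rotating:", secret_id_rotations(SAMPLE_PLAN))
    print("not rotating:", unrotated_secret_ids(SAMPLE_PLAN))
```

A secret_id reported by unrotated_secret_ids means the lifecycle trigger is not wired to that resource, so the apply would leave the existing credential unchanged.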