Is there any way to terraform a service account access to a specific secret in Google Secret Manager

Question

I see there has been some activity to add secret manager support to Terraform here: https://github.com/terraform-providers/terraform-provider-google/issues/5168

I'm looking for a way to programatically assign secret access to specific Google service accounts. I'm guessing that functionality isn't there yet?

It's not released yet, but the IAM methods are included: https://github.com/terraform-providers/terraform-provider-google-beta/pull/1708/files#diff-8fca81e4ff945e7f28cca9734d1088dd — sethvargo, Feb 05 '20 at 17:57

score 0 · Answer 1 · answered Feb 05 '20 at 23:36

It's not available now but it seems the feature will be released soon. I recommend you take a look at the Google provider and Google beta provider changelogs to be aware of the latest releases.

By the way here you can find the command line tools to create and manage secrets.

score 0 · Answer 2 · answered Mar 06 '20 at 17:28

You can access Secret Manager secrets with Terraform using version 3.8 of the beta provider or higher.

terraform {
  required_version = ">= 0.12"

  required_providers {
    google-beta = ">= 3.8"
  }
}

data "google_secret_manager_secret_version" "my-secret" {
  provider = google-beta

  secret  = "my-secret"
  version = "1"
}

Here's how you access the value:

output "secret" {
  value = data.google_secret_manager_secret_version.my-secret.secret_data
}

Is there any way to terraform a service account access to a specific secret in Google Secret Manager

2 Answers2