5

I am trying to create a new version of a Key Vault secret which already exists. But it always gives me an error when using the code below if the secret already exists. Is there any way to create a new version of the secret?

resource "azurerm_key_vault_secret" "example" {
  name         = "test"
  value        = random_password.password.result
  key_vault_id = data.azurerm_key_vault.keyvault.id
}

I always get this error:

Error: A resource with the ID "https://dev-kv.vault.azure.net/secrets/test/9d2108c9695a366" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_key_vault_secret" for more information.

Rohit

1 Answer

6

Terraform uses a state file; unfortunately, it does not support upsert. So you have 3 options here.

  • Delete your secret "test" from Key Vault and run Terraform
  • Import the resource into the Terraform state file with the test secret
  • Just choose a different name
Vova Bilyachat
  • Yes @Vova, I think it's not yet matured in Terraform to do upsert – Rohit May 21 '21 at 01:47
  • Using terraform cloud I was constantly running refresh plans; deleting the offending secret from keyvault (and purging it) then running another terraform plan has worked for me. – sezmeralda Jan 25 '22 at 20:37
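
The import option from the answer above, written out as an added example (not code from the question or the answer). It assumes Terraform 1.5 or later for the `import` block; the resource group name is a placeholder and the password length is an assumed value. Once the existing secret is in state, the changed `value` is applied as an update, and Key Vault stores an updated value as a new version of the same secret.

```hcl
# Added example: adopt the existing secret into state, then rotate its value.
terraform {
  required_version = ">= 1.5.0" # import blocks need Terraform 1.5+
}

provider "azurerm" {
  features {}
}

data "azurerm_key_vault" "keyvault" {
  name                = "dev-kv"                # vault name taken from the URL in the error
  resource_group_name = "<your-resource-group>" # placeholder, not given on the page
}

resource "random_password" "password" {
  length  = 24 # assumed length
  special = true
}

# The ID is the versioned secret URL printed in the "already exists" error.
# On older Terraform, run the CLI form once instead of using this block:
#   terraform import azurerm_key_vault_secret.example "<that URL>"
import {
  to = azurerm_key_vault_secret.example
  id = "https://dev-kv.vault.azure.net/secrets/test/9d2108c9695a366"
}

# Same resource as in the question. After the import, the differing value is
# an in-place update, which Key Vault records as a new secret version.
# The generated value is also written to the Terraform state, so the state
# backend needs the same access controls as the vault.
resource "azurerm_key_vault_secret" "example" {
  name         = "test"
  value        = random_password.password.result
  key_vault_id = data.azurerm_key_vault.keyvault.id
}
```

Run `terraform plan` before applying: it should show the secret being imported and its `value` changing in place, not a create. The `import` block can be removed once the apply has succeeded.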