Generate Data Key from vault transit secret engine

Asked Mar 15 '23 at 08:06

Active Mar 15 '23 at 08:11

Viewed 115 times

I have a running vault server, I enabled transit secret engine and created a vault transit secret backend_key through terraform.

resource "vault_mount" "transit" {
  path = "transit"
  type = "transit"
}


resource "vault_transit_secret_backend_key" "transit_key" {
  backend = vault_mount.transit.path
  name    = "test-pagination-key"
  type    = "chacha20-poly1305"
}

I am able to see the generated backend key in vault UI

Post the creation of this key, I need to go inside key actions and select datakey and select plaintext key and hit "create datakey" to fetch the backend key in plain text format.

But i couldn't find any terraform block to fetch this information using terraform, I have to manually fetch the datakey in plaintext format.

How can I get that key through terraform??

There is an API call I can see from vault documentation, Document

sample request
curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/transit/datakey/plaintext/my-key

sample response
{
  "data": {
    "plaintext": "dGhlIHF1aWNrIGJyb3duIGZveAo=",
    "ciphertext": "vault:v1:abcdefgh"
  }
}

How can I make this API call using terraform??

Kindly gimme some path to proceed forward in this issue

edited Mar 15 '23 at 08:11

Marko E

13,362
2
19
28

asked Mar 15 '23 at 08:06

Bala krishna

Would this work: https://registry.terraform.io/providers/marcofranssen/curl/latest/docs/data-sources/request? – Marko E Mar 15 '23 at 08:11
@MarkoE, how to pass the client token in the request??? – Bala krishna Mar 15 '23 at 08:20
That I don't know, I was looking only at the curl request. – Marko E Mar 15 '23 at 08:21
@MarkoE, token can be passed at provider configuration options. I just found – Bala krishna Mar 15 '23 at 08:27

Generate Data Key from vault transit secret engine

0 Answers0