Feature Request: Support the Nomad secrets backend #640
Comments
It looks like this should be pretty similar to the Consul and RabbitMQ backends. I've started a branch in my fork that copies these resources. Assistance welcome https://github.com/spuder/terraform-provider-vault/tree/nomad_secret_backend
@spuder how is it going? do you still need help? would love to see that in place :)
I've slowed down the development on this feature due to a limitation on the vault api. There is no way to import an already created vault token, nor is there a way to read back the token if terraform dynamically creates it, which limits the usefulness of terraform here. Additionally the user will need to tread very carefully to not commit tokens to version control or terraform state files.
I've created a WIP merge request where others can join in and contribute. Tasks where others can jump in:
In the meantime it is possible to use a null resource to invoke the vault cli to create the nomad role.
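A sketch of the null-resource workaround mentioned in the comment above, added here as an example and not taken from the thread or from the provider's code. The role name `deployer` and the Nomad ACL policy `deploy-jobs` are placeholders, and the `vault` CLI is assumed to pick up `VAULT_ADDR` and `VAULT_TOKEN` from the environment of the `terraform` process.

```hcl
# Mount the Nomad secrets engine; vault_mount can already do this part.
resource "vault_mount" "nomad" {
  path = "nomad"
  type = "nomad"
}

# Placeholder values (assumptions, not from the thread).
locals {
  nomad_role     = "deployer"
  nomad_policies = "deploy-jobs"
}

resource "null_resource" "nomad_role" {
  # Re-run the provisioner when the mount path, role name or policy list changes.
  # Only non-secret values go here, because triggers are written to state.
  triggers = {
    mount    = vault_mount.nomad.path
    role     = local.nomad_role
    policies = local.nomad_policies
  }

  # Values are passed as environment variables rather than interpolated into
  # the command string, so they are not re-parsed by the shell.
  provisioner "local-exec" {
    command = "vault write \"$MOUNT/role/$ROLE\" policies=\"$POLICIES\""
    environment = {
      MOUNT    = self.triggers.mount
      ROLE     = self.triggers.role
      POLICIES = self.triggers.policies
    }
  }

  # Remove the role again when the resource is destroyed.
  provisioner "local-exec" {
    when    = destroy
    command = "vault delete \"$MOUNT/role/$ROLE\""
    environment = {
      MOUNT = self.triggers.mount
      ROLE  = self.triggers.role
    }
  }
}
```

This covers only the role; the Nomad address and management token under `nomad/config/access` still have to be written by some path that keeps the token out of version control and state. Terraform does not detect drift on a role created this way, since the null resource only tracks its triggers.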
I believe this was added in #923. Thanks!
Much like is possible for SSH, AWS, Azure, etc., I would like to be able to provision and configure my Vault to provide Nomad authentication.
I believe currently you can only do the creation of the mount, with vault_mount, but not configure any of its details (lease time, Nomad cluster address, tokens, roles, etc.). Requiring us to introduce a shell script just for this part of the configuration, when everything else in our Vault is set up via Terraform, is kind of unfortunate.