Use Vault-generated dynamic credentials to provision infrastructure. Learn how to inject secrets into your Terraform configuration using the Vault provider.
Traditionally, developers looking to safely provision infrastructure using Terraform are given their own set of long-lived, scoped AWS credentials. While this enables the developer's freedom, using long-lived credentials can be dangerous and difficult to secure.
The new tutorial, Inject secrets into Terraform using the Vault provider, will guide you through storing your long-lived AWS credentials in Vault's AWS Secrets Engine, then leveraging Terraform's Vault provider to generate appropriately scoped & short-lived AWS credentials to be used by Terraform to provision resources in AWS.
By using Vault, developers can provision resources without direct access to secrets. Operators are able to manage permissions by modifying a Vault role’s policy, instead of juggling static, long-lived secrets with varying scope.
By the end of this tutorial, you will understand how to use Vault to inject secrets into Terraform configuration, and the benefits and considerations of using this approach.
New Sentinel HTTP import capabilities in Vault Enterprise 1.5 enable new sophisticated governance policies. See it in action.
Terraform 0.14 is now available in beta and features improvements in security, visibility, and stability.
Try HashiCorp Vault as a managed cloud service by signing up for the HCP Vault private beta.