Can be used with Terraform and OpenTofu:
Add the dependency to your main.tf
main.tf
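# Declares the cryptvault provider as a dependency of this configuration.
# Nested blocks are written one per line; collapsed onto a single line the
# block does not parse.
terraform {
  required_providers {
    cryptvault = {
      source = "cryptvault-cloud/cryptvault"
      # No version constraint is set, so the first `terraform init` (with no
      # lock file present) installs the newest release it finds. Pin a
      # reviewed release and commit .terraform.lock.hcl so later runs verify
      # the provider package against the recorded hashes.
      # version = "<PINNED_PROVIDER_VERSION>"
    }
  }
}

# Empty provider configuration, as in the original example.
provider "cryptvault" {}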
terraform init
You can control the entire vault with the Terraform provider:
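# The vault-creation token is a credential: pass it in at plan/apply time
# (for example through the TF_VAR_vault_creation_token environment variable)
# instead of writing it into main.tf, where it would end up in version control.
variable "vault_creation_token" {
  description = "Token that allows you to create the vault"
  type        = string
  # Redacts the value in plan/apply output only; resource arguments are
  # normally still persisted in state.
  sensitive = true
}

# Creates the vault. The example reads operator_private_key from this
# resource further down the page, so the operator key is a resource attribute
# and is kept in state. Store state in an encrypted backend with restricted
# access.
resource "cryptvault_cloud_vault" "my_vault" {
  name  = "name_of_your_vault"
  token = var.vault_creation_token
}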
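# Create a new identity keypair
# Comments and resources are on separate lines here: collapsed onto one line,
# the leading `#` turns both resource declarations into comment text.
# The page later reads cryptvault_cloud_keypair.A_Team.private_key, so the
# private key is a resource attribute held in Terraform state. Anyone who can
# read the state can act as this identity.
resource "cryptvault_cloud_keypair" "A_Team" {}

# Register Keypair to cryptvault.cloud
resource "cryptvault_cloud_identity" "A_Team" {
  name     = "A_Team"
  vault_id = cryptvault_cloud_vault.my_vault.id
  # The identity is created with the vault operator's private key. Limit who
  # can run this configuration accordingly.
  creator_key = cryptvault_cloud_vault.my_vault.operator_private_key
  public_key  = cryptvault_cloud_keypair.A_Team.public_key

  # NOTE(review): "(rwd)" presumably grants read, write and delete, and the
  # trailing ">" presumably matches every sub-path. Confirm against the
  # provider documentation. Grant only the prefixes and operations the team
  # needs.
  rights = [
    {
      # A_team can create new identities, but at most with the rights to the VALUES to which it is itself entitled
      right_value_pattern = "(rwd)IDENTITY.>"
    },
    {
      # Team internal secrets
      right_value_pattern = "(rwd)VALUES.a_team.>"
    },
    {
      # secrets from search_team for a_team
      right_value_pattern = "(rwd)VALUES.search_team.a_team.>"
    }
  ]
}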
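# The secret itself is supplied as a sensitive variable instead of a literal
# in main.tf, so it is not committed with the configuration.
variable "a_service_admin_key" {
  description = "Secret stored as VALUES.a_team.a_service.admin_key"
  type        = string
  # Redacts the value in plan/apply output only; resource arguments are
  # normally still persisted in state, so protect the state backend.
  sensitive = true
}

resource "cryptvault_cloud_value" "a_service_admin_key" {
  # secret name
  name     = "VALUES.a_team.a_service.admin_key"
  vault_id = cryptvault_cloud_vault.my_vault.id
  # Written with A_Team's private key; the name must fall under a pattern
  # that identity was granted (here VALUES.a_team.>).
  creator_key = cryptvault_cloud_keypair.A_Team.private_key
  passframe   = var.a_service_admin_key
  # string or json (string is default)
  type = "String"
}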
Of course, non-Vault admins can also use the terraform provider: