
Terraform Provider

Can be used with Terraform and OpenTofu:

Setup

Add the dependency to your main.tf:

terraform {
  required_providers {
    cryptvault = {
      source = "cryptvault-cloud/cryptvault"
    }
  }
}

Configure Provider

provider "cryptvault" {}

terraform init

You can control the entire vault with the Terraform provider:

resource "cryptvault_cloud_vault" "my_vault" {
  name  = "name_of_your_vault"
  token = "token_allow_you_to_create_vault"
}

# Create a new identity keypair
resource "cryptvault_cloud_keypair" "A_Team" {}

# Register Keypair to cryptvault.cloud
resource "cryptvault_cloud_identity" "A_Team" {
  name        = "A_Team"
  vault_id    = cryptvault_cloud_vault.my_vault.id
  creator_key = cryptvault_cloud_vault.my_vault.operator_private_key
  public_key  = cryptvault_cloud_keypair.A_Team.public_key
  rights = [
    {
      # A_team can create new identities, but at most with the rights to the VALUES to which it is itself entitled
      right_value_pattern = "(rwd)IDENTITY.>"
    },
    {
      # Team internal secrets
      right_value_pattern = "(rwd)VALUES.a_team.>"
    },
    {
      # secrets from search_team for a_team
      right_value_pattern = "(rwd)VALUES.search_team.a_team.>"
    }
  ]
}

resource "cryptvault_cloud_value" "a_service_admin_key" {
  # secret name
  name        = "VALUES.a_team.a_service.admin_key"
  vault_id    = cryptvault_cloud_vault.my_vault.id
  creator_key = cryptvault_cloud_keypair.A_Team.private_key
  passframe   = "Some Secret"
  # string or json (string is default)
  type        = "String"
}
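
The configuration above carries the vault creation token and the secret value as string literals, which end up in version control if copied as-is. The following added example (not from the CryptVault documentation) feeds the same `token` and `passframe` attributes from input variables marked `sensitive`; the variable names are assumptions.

```hcl
terraform {
  required_providers {
    cryptvault = {
      source = "cryptvault-cloud/cryptvault"
    }
  }
}

provider "cryptvault" {}

# Assumed variable names (not from the provider docs). Supply them outside the
# repository, e.g. TF_VAR_vault_creation_token / TF_VAR_a_service_admin_key.
variable "vault_creation_token" {
  type      = string
  sensitive = true
}

variable "a_service_admin_key" {
  type      = string
  sensitive = true
}

resource "cryptvault_cloud_vault" "my_vault" {
  name  = "name_of_your_vault"
  token = var.vault_creation_token # no literal token in main.tf
}

resource "cryptvault_cloud_keypair" "A_Team" {}

resource "cryptvault_cloud_identity" "A_Team" {
  name        = "A_Team"
  vault_id    = cryptvault_cloud_vault.my_vault.id
  creator_key = cryptvault_cloud_vault.my_vault.operator_private_key
  public_key  = cryptvault_cloud_keypair.A_Team.public_key
  rights = [
    { right_value_pattern = "(rwd)VALUES.a_team.>" },
  ]
}

resource "cryptvault_cloud_value" "a_service_admin_key" {
  name        = "VALUES.a_team.a_service.admin_key"
  vault_id    = cryptvault_cloud_vault.my_vault.id
  creator_key = cryptvault_cloud_keypair.A_Team.private_key
  passframe   = var.a_service_admin_key # secret value comes from the variable
  type        = "String"
}
```

`sensitive = true` only redacts the values in plan and apply output. They are still written to the Terraform state together with the generated private keys, so the state backend needs encryption and restricted access.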

Of course, non-Vault admins can also use the Terraform provider:
