Terraform Provider

Github Repo

Can be used with terraform and opentofu:

Terraform Registry Take a look at Terraform registry

Setup

Add the dependency to your main.tf

 terraform {
   required_providers {
     cryptvault = {
       source = "cryptvault-cloud/cryptvault"
     }
   }
 }

Configure Provider

provider "cryptvault" {}

terraform init

You can control the entire vault with the Terraform provider:

• Create a Vault

resource "cryptvault_cloud_vault" "my_vault" {
  name  = "name_of_your_vault"
  token = "token_allow_you_to_create_vault"
}

• Manage Identities

# Create a new identity keypair
resource "cryptvault_cloud_keypair" "A_Team" {}

# Register Keypair to cryptvault.cloud
resource "cryptvault_cloud_identity" "A_Team" {
  name        = "A_Team"
  vault_id    = cryptvault_cloud_vault.my_vault.id
  creator_key = cryptvault_cloud_vault.my_vault.operator_private_key
  public_key  = cryptvault_cloud_keypair.A_Team.public_key
  rights = [
    {
      # A_team can create new identities, but at most with the rights to the VALUES to which it is itself entitled
      right_value_pattern = "(rwd)IDENTITY.>"
    },
    {
      # Team internal secrets
      right_value_pattern = "(rwd)VALUES.a_team.>"
    },
    {
      #  secrets from search_team for a_team
      right_value_pattern = "(rwd)VALUES.search_team.a_team.>"
    }
  ]
}

• Manage secrets

resource "cryptvault_cloud_value" "a_service_admin_key" {
  # secret name
  name        = "VALUES.a_team.a_service.admin_key"
  vault_id    = cryptvault_cloud_vault.my_vault.id
  creator_key = cryptvault_cloud_keypair.A_Team.private_key
  passframe   = "Some Secret"
  # string or json (string is default)
  type        = "String"
}

Tip

You can also take a look at the getting started example:

Example Git Repo A sample implementation of this Getting Started

Of course, non-Vault admins can also use the terraform provider:

See handling example