Inject secrets into Terraform
Automate the usage of dynamically generated secrets and credentials.
Long-living credentials pose a major risk for users and organizations
Many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plain text in version control, wikis, and shared volumes. Safeguarding and ensuring that a credential isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.
Create automated short-lived dynamic credentials across your environments
A dynamic secret is generated on demand and is unique to a client, as opposed to a static secret, which is defined ahead of time and shared. HashiCorp Vault associates each dynamic secret with a lease and automatically destroys the credentials when the lease expires. Vault supports dynamic secrets with a wide range of systems and is easily extensible with plugins.
Inject secrets into Terraform using the Vault provider
Configure the AWS secrets engine to manage IAM credentials in Vault through Terraform.
Terraform Cloud secrets engine
Dynamically generate, manage, and revoke credentials for Terraform Cloud.
Codify management of Vault using Terraform
Use HashiCorp Terraform's Vault provider to codify Vault management to increase repeatability while reducing human errors.