github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/website/source/docs/providers/vault/d/generic_secret.html.md (about)

     1  ---
     2  layout: "vault"
     3  page_title: "Vault: vault_generic_secret data source"
     4  sidebar_current: "docs-vault-datasource-generic-secret"
     5  description: |-
     6    Reads arbitrary data from a given path in Vault
     7  ---
     8  
     9  # vault\_generic\_secret
    10  
    11  Reads arbitrary data from a given path in Vault.
    12  
    13  This resource is primarily intended to be used with
    14  [Vault's "generic" secret backend](https://www.vaultproject.io/docs/secrets/generic/index.html),
    15  but it is also compatible with any other Vault endpoint that supports
    16  the `vault read` command.
    17  
    18  ~> **Important** All data retrieved from Vault will be
    19  written in cleartext to state file generated by Terraform, will appear in
    20  the console output when Terraform runs, and may be included in plan files
    21  if secrets are interpolated into any resource attributes.
    22  Protect these artifacts accordingly. See
    23  [the main provider documentation](../index.html)
    24  for more details.
    25  
    26  ## Example Usage
    27  
    28  ```hcl
    29  data "vault_generic_secret" "rundeck_auth" {
    30    path = "secret/rundeck_auth"
    31  }
    32  
    33  # Rundeck Provider, for example
    34  provider "rundeck" {
    35    url        = "http://rundeck.example.com/"
    36    auth_token = "${data.vault_generic_secret.rundeck_auth.data["auth_token"]}"
    37  }
    38  ```
    39  
    40  ## Argument Reference
    41  
    42  The following arguments are supported:
    43  
    44  * `path` - (Required) The full logical path from which to request data.
    45  To read data from the "generic" secret backend mounted in Vault by
    46  default, this should be prefixed with `secret/`. Reading from other backends
    47  with this data source is possible; consult each backend's documentation
    48  to see which endpoints support the `GET` method.
    49  
    50  ## Required Vault Capabilities
    51  
    52  Use of this resource requires the `read` capability on the given path.
    53  
    54  ## Attributes Reference
    55  
    56  The following attributes are exported:
    57  
    58  * `data_json` - A string containing the full data payload retrieved from
    59  Vault, serialized in JSON format.
    60  
    61  * `data` - A mapping whose keys are the top-level data keys returned from
    62  Vault and whose values are the corresponding values. This map can only
    63  represent string data, so any non-string values returned from Vault are
    64  serialized as JSON.
    65  
    66  * `lease_id` - The lease identifier assigned by Vault, if any.
    67  
    68  * `lease_duration` - The duration of the secret lease, in seconds relative
    69  to the time the data was requested. Once this time has passed any plan
    70  generated with this data may fail to apply.
    71  
    72  * `lease_start_time` - As a convenience, this records the current time
    73  on the computer where Terraform is running when the data is requested.
    74  This can be used to approximate the absolute time represented by
    75  `lease_duration`, though users must allow for any clock drift and response
    76  latency relative to to the Vault server.
    77  
    78  * `lease_renewable` - `true` if the lease can be renewed using Vault's
    79  `sys/renew/{lease-id}` endpoint. Terraform does not currently support lease
    80  renewal, and so it will request a new lease each time this data source is
    81  refreshed.