github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/website/source/docs/providers/vault/r/generic_secret.html.md (about) 1 --- 2 layout: "vault" 3 page_title: "Vault: vault_generic_secret resource" 4 sidebar_current: "docs-vault-resource-generic-secret" 5 description: |- 6 Writes arbitrary data to a given path in Vault 7 --- 8 9 # vault\_generic\_secret 10 11 Writes and manages arbitrary data at a given path in Vault. 12 13 This resource is primarily intended to be used with 14 [Vault's "generic" secret backend](https://www.vaultproject.io/docs/secrets/generic/index.html), 15 but it is also compatible with any other Vault endpoint that supports 16 the `vault write` command to create and the `vault delete` command to 17 delete. 18 19 ~> **Important** All data provided in the resource configuration will be 20 written in cleartext to state and plan files generated by Terraform, and 21 will appear in the console output when Terraform runs. Protect these 22 artifacts accordingly. See 23 [the main provider documentation](../index.html) 24 for more details. 25 26 ## Example Usage 27 28 ```hcl 29 resource "vault_generic_secret" "example" { 30 path = "secret/foo" 31 32 data_json = <<EOT 33 { 34 "foo": "bar", 35 "pizza": "cheese" 36 } 37 EOT 38 } 39 ``` 40 41 ## Argument Reference 42 43 The following arguments are supported: 44 45 * `path` - (Required) The full logical path at which to write the given 46 data. To write data into the "generic" secret backend mounted in Vault by 47 default, this should be prefixed with `secret/`. Writing to other backends 48 with this resource is possible; consult each backend's documentation to 49 see which endpoints support the `PUT` and `DELETE` methods. 50 51 * `data_json` - (Required) String containing a JSON-encoded object that 52 will be written as the secret data at the given path. 53 54 * `allow_read` - (Optional) True/false. Set this to true if your vault 55 authentication is able to read the data, this allows the resource to be 56 compared and updated. Defaults to false. 57 58 ## Required Vault Capabilities 59 60 Use of this resource requires the `create` or `update` capability 61 (depending on whether the resource already exists) on the given path, 62 along with the `delete` capbility if the resource is removed from 63 configuration. 64 65 This resource does not *read* the secret data back from Terraform 66 on refresh by default. This avoids the need for `read` access on the given 67 path, but it means that Terraform is not able to detect and repair 68 "drift" on this resource should the data be updated or deleted outside 69 of Terraform. This limitation can be negated by setting `allow_read` to 70 true 71 72 ## Attributes Reference 73 74 No additional attributes are exported by this resource.