M terraform_vault/secrets.tf => terraform_vault/secrets.tf +17 -4
@@ 1,5 1,18 @@
-resource "vault_mount" "kv" {
- path = "ansible"
- type = "kv-v2"
- description = "Ansible secrets store"
+locals {
+ users = toset(["xenrox", "seeguen", "test"])
+ ansible_secrets = toset(["nextcloud", "peertube", "vault"])
+}
+
+resource "vault_generic_secret" "ansible_secrets" {
+ for_each = local.ansible_secrets
+
+ path = "ansible/${each.key}"
+ data_json = file("/home/xenrox/decrypted/vault/${each.key}.json")
+}
+
+resource "vault_generic_secret" "users" {
+ for_each = local.users
+
+ path = "ansible/users/${each.key}"
+ data_json = file("/home/xenrox/decrypted/vault/users/${each.key}.json")
}
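Review bot: Both `vault_generic_secret` resources read their payload with `file("/home/xenrox/decrypted/vault/...")`, so the secret values are written into the Terraform state in plaintext, and the configuration only applies on a machine where that user's decrypted files are on disk. The state backend for this directory should be encrypted and access-restricted, and the base directory would be better taken from a variable, for example `file("${var.decrypted_dir}/${each.key}.json")` (variable name is illustrative). Separately, `path = "ansible/${each.key}"` hard-codes the mount name, so Terraform sees no dependency on `vault_mount.kv` and may attempt the write before the mount exists on a fresh apply. Using `path = "${vault_mount.kv.path}/${each.key}"`, and the equivalent with `/users/` in the `users` resource, gives it the ordering. The `"test"` entry in `local.users` looks like a leftover; confirm it is meant to be provisioned.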
A terraform_vault/secrets_engines.tf => terraform_vault/secrets_engines.tf +5 -0
@@ 0,0 1,5 @@
+resource "vault_mount" "kv" {
+ path = "ansible"
+ type = "kv-v2"
+ description = "Ansible secrets store"
+}