
Managing Vault with Terraform

Learn how to set up Vault via the Terraform Vault provider and see what it looks like to make ongoing changes to Vault through Git using Terraform.

HashiCorp Vault is a tool that can store and manage secrets, including tokens, passwords, certificates, etc. On top of this, Vault itself needs to be managed, which means there needs to be a person or team responsible for setting up Authentication Methods, Policies, and Secrets Engines.

Although everything in Vault can be set up manually through the UI, CLI, or API, this talk will show you how to use Terraform and the infrastructure-as-code mindset to set up all the features of Vault via the Terraform Vault provider. Using the provider, teams can define all aspects of Vault in code and let Terraform apply the configuration. This gives teams a repeatable infrastructure in case they need to stand up a replica Vault cluster for testing.

Another benefit of using Terraform and storing this code in version control is that it allows all Vault administrators to have full insight into any changes to Vault. Any change becomes a pull request and gets reviewed by the administrators of Vault.
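
As an added illustration (not taken from the talk or its demo repository), the configuration below declares one secrets engine, one policy, and one authentication method with the Terraform Vault provider. The mount path, policy name, role name, and TTL values are assumptions chosen for the example.

```hcl
terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

# The provider reads the server address and token from the VAULT_ADDR and
# VAULT_TOKEN environment variables, so no credential is committed to Git.
provider "vault" {}

# Secrets engine: a KV version 2 mount (path is an assumed example name).
resource "vault_mount" "app_kv" {
  path        = "app-kv"
  type        = "kv"
  options     = { version = "2" }
  description = "Application secrets (example mount)"
}

# Policy: read-only access to one subtree of that mount, nothing else.
resource "vault_policy" "app_read" {
  name   = "app-read"
  policy = <<-EOT
    path "${vault_mount.app_kv.path}/data/app/*" {
      capabilities = ["read"]
    }
  EOT
}

# Authentication method: AppRole for machine clients.
resource "vault_auth_backend" "approle" {
  type = "approle"
}

# Role that binds AppRole logins to the read-only policy with short-lived tokens.
resource "vault_approle_auth_backend_role" "app" {
  backend        = vault_auth_backend.approle.path
  role_name      = "app"
  token_policies = [vault_policy.app_read.name]
  token_ttl      = 1200 # seconds (assumed value)
  token_max_ttl  = 3600 # seconds (assumed value)
}
```

With a file like this in version control, widening the policy's capabilities or raising a token TTL appears as a diff in the pull request and in the `terraform plan` output that reviewers see before the change reaches Vault.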

What You'll Learn

This demo will go through the full configuration of a Vault cluster using Terraform's Vault provider. You'll get to see what it would look like for an administrator to make a change in Vault through Git with an infrastructure-as-code mindset.

Demo Repo

You can find the GitHub repository for this demo here
