drewmullen closed this 1 week ago
This has to do with missing the default namespace from HCP Vault. I'll send a PR to make this a little more intuitive for HCP users.
Hey @drewmullen! Apologies for the delayed response here. Thanks for the callout on the missing default namespace, will look at getting this added to the Vault example.
On another note, the Vault-backed AWS example configuration is the (newly) supported way of using Vault dynamic credentials in conjunction with the AWS secrets engine and might be what you want here!
Thanks for providing these examples! I built the `vault/` resources with only 1 small change, updated `secret/*` to `aws/*` in the role policy. Everything deployed successfully.
However, when I try to have the TFC workspace grab creds from my AWS secrets engine, I get the following error:
ERROR:
HCL to have TFC call Vault for AWS creds. I've tested this using a Vault token locally (removing the `cloud{}`) and it worked fine.
Hopefully I'm not missing something easy! Seems to me the issue is at the authn stage, prior to any setup with the secrets engine. Any help would be appreciated!