sspinc / terraform-provider-credstash

Terraform provider for secrets stored with credstash
MIT License

Is there a way to pass KMS Key ID or Alias? #20

Closed vikas027 closed 4 years ago

vikas027 commented 4 years ago

Is there a way to pass KMS Key ID or alias too in the provider section?

```hcl
provider "credstash" {
  table  = "my-table"
  region = "ap-southeast-2"
}
```

tmichel commented 4 years ago

No, there is no need to pass the KMS key at all. The key name is only used when creating the secrets and then it is stored in the database so at decryption it is readily available. Even credstash does not allow specifying the KMS key when you retrieve a secret.

```
> credstash get --help
usage: credstash get [-h] [-n] [-v VERSION] [-f {json,csv,dotenv}]
                     credential [context [context ...]]

positional arguments:
  credential            the name of the credential to get. Using the wildcard
                        character '*' will search for credentials that match
                        the pattern
  context               encryption context key/value pairs associated with the
                        credential in the form of "key=value"

optional arguments:
  -h, --help            show this help message and exit
  -n, --noline          Don't append newline to returned value (useful in
                        scripts or with binary files)
  -v VERSION, --version VERSION
                        Get a specific version of the credential (defaults to
                        the latest version)
  -f {json,csv,dotenv}, --format {json,csv,dotenv}
                        Output format. json(default) csv or dotenv.
```

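
The behaviour described in the comment above, as an added example that is not part of the original thread and is not credstash's or the provider's own code: a toy envelope-encryption model in which the key ID is supplied only on put, because the wrapped data key stored with the secret identifies the master key. The in-memory KMS, the SHA-256 keystream standing in for a real cipher, and the names `put_secret`, `get_secret` and `alias/team-a` are assumptions made for illustration.

```python
import hashlib, hmac, os

# Toy KMS state (constructed for this example): key id -> master key bytes.
MASTER_KEYS = {"alias/credstash": os.urandom(32), "alias/team-a": os.urandom(32)}

def _stream(seed, n):
    """Toy keystream (SHA-256 in counter mode); a stand-in for a real cipher, not for production."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _ctx(context):
    return repr(sorted(context.items())).encode()

def kms_generate_data_key(key_id, context):
    """The caller names the master key; the returned blob records which key wrapped the data key."""
    data_key, nonce = os.urandom(64), os.urandom(16)
    pad = _stream(MASTER_KEYS[key_id] + nonce + _ctx(context), 64)
    return data_key, key_id.encode() + b"|" + nonce + _xor(data_key, pad)

def kms_decrypt(blob, context):
    """No key_id parameter: the master key is read back out of the blob."""
    key_id, rest = blob.split(b"|", 1)
    pad = _stream(MASTER_KEYS[key_id.decode()] + rest[:16] + _ctx(context), 64)
    return _xor(rest[16:], pad)

def put_secret(table, name, secret, key_id="alias/credstash", context=None):
    data_key, wrapped = kms_generate_data_key(key_id, context or {})
    ciphertext = _xor(secret.encode(), _stream(data_key[:32], len(secret.encode())))
    tag = hmac.new(data_key[32:], ciphertext, hashlib.sha256).digest()
    # The wrapped data key is stored next to the ciphertext it protects.
    table[name] = {"key": wrapped, "contents": ciphertext, "hmac": tag}

def get_secret(table, name, context=None):
    item = table[name]
    data_key = kms_decrypt(item["key"], context or {})  # only the stored blob and context
    expected = hmac.new(data_key[32:], item["contents"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, item["hmac"]):
        raise ValueError("integrity check failed (wrong context or tampered item)")
    return _xor(item["contents"], _stream(data_key[:32], len(item["contents"]))).decode()

table = {}  # stands in for the DynamoDB table
put_secret(table, "db_password", "s3cr3t", key_id="alias/team-a", context={"env": "prod"})
print(get_secret(table, "db_password", context={"env": "prod"}))
```

In this model, access to a secret is governed by who may call decrypt on the master key and by the encryption context, not by any key setting on the reading side.
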
vikas027 commented 4 years ago

@tmichel - Ah, my apologies. I mixed it up with the put command where you can specify a KMS key.