{"id":25115737,"url":"https://github.com/devops-rob/terraform-vault-consul-secrets-engine","last_synced_at":"2026-02-11T06:01:43.175Z","repository":{"id":110462926,"uuid":"332720948","full_name":"devops-rob/terraform-vault-consul-secrets-engine","owner":"devops-rob","description":"This module enables and configures the Consul secrets engine.","archived":false,"fork":false,"pushed_at":"2021-01-25T11:15:43.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-23T02:55:33.021Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devops-rob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-25T11:13:23.000Z","updated_at":"2021-01-25T11:14:34.000Z","dependencies_parsed_at":null,"dependency_job_id":"33844f02-b8f6-4dc1-8451-f971eb2a2e50","html_url":"https://github.com/devops-rob/terraform-vault-consul-secrets-engine","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/devops-rob/terraform-vault-consul-secrets-engine","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devops-rob%2Fterraform-vault-consul-secrets-engine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devops-rob%2Fterraform-vault-consul-secrets-engine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devops-rob%2Fterraform-vault-consul-secrets-engine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devops-rob%2Fterraform-vault-consul-secrets-engine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devops-rob","download_url":"https://codeload.github.com/devops-rob/terraform-vault-consul-secrets-engine/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devops-rob%2Fterraform-vault-consul-secrets-engine/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29327823,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T03:52:29.695Z","status":"ssl_error","status_checked_at":"2026-02-11T03:52:23.094Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-08T02:33:51.325Z","updated_at":"2026-02-11T06:01:43.148Z","avatar_url":"https://github.com/devops-rob.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Consul example\n\n## Overview\n\nThis module enables and configures the Consul secrets engine.\n\n## Example use case\n\nThere are instances where an application may need to read or update consul components, for example, key/value data in the KV store, in an ACL enabled consul cluster. In these scenarios, developers will need to provide the application with a consul acl token.\n\nIn order to reduce the attack surface of the application, developers can leverage Vault to dynamically provision Consul ACL tokens  when an application requires access, and clean the token up when its TTL expires.\n\nThis module can be used to enable and configure the Consul secrets engine for developers to leverage as discussed above.\n\n## Consul Requirements\n\nVault will require a Consul ACL token to authenticate with Consul.  To enable the ACL system in Consul, ensure the ACL stanza is declared in the Consul configuration.\n\nThe below is an example of the ACL stanza:\n\n```json\n\"acl\": {\n      \"enabled\": true,\n      \"default_policy\": \"deny\",\n      \"enable_token_persistence\": true\n}\n```\n\nIt's best practice to create a token specifically for Vault to use. The token will need write permissions on the ACL capability.  The following policy will be sufficient for Vault to work with Consul:\n\n```hcl\nacl = \"write\"\n```\n\nThis policy gives Vault the permissions to create, update and delete Consul ACL tokens.  It will not allow any actions outside of managing the Consul ACL system.\n\n## Usage\n\n```hcl\nprovider \"vault\" {\n  address = \"http://localhost:8200\"\n  token   = var.vault_token\n}\n\nvariable \"vault_token\" {}\nvariable \"consul_token\" {}\n\nmodule \"consul_defaults\" {\n  source          = \"../../\"\n\n  consul_address           = \"http://localhost:8500\"\n  consul_token             = var.consul_token\n  consul_backend_role_name = \"test\"\n\n  consul_policies = [\n    \"test-policy\",\n    \"test-policy-2\"\n  ]\n}\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevops-rob%2Fterraform-vault-consul-secrets-engine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevops-rob%2Fterraform-vault-consul-secrets-engine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevops-rob%2Fterraform-vault-consul-secrets-engine/lists"}