{"id":20398486,"url":"https://github.com/keeper-security/terraform-provider-secretsmanager","last_synced_at":"2026-02-24T00:06:56.609Z","repository":{"id":38444439,"uuid":"409733941","full_name":"Keeper-Security/terraform-provider-secretsmanager","owner":"Keeper-Security","description":null,"archived":false,"fork":false,"pushed_at":"2025-04-10T05:31:49.000Z","size":360,"stargazers_count":10,"open_issues_count":4,"forks_count":6,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-12T13:13:50.118Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Keeper-Security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-23T20:23:41.000Z","updated_at":"2025-04-10T05:31:54.000Z","dependencies_parsed_at":"2024-11-13T15:44:14.067Z","dependency_job_id":null,"html_url":"https://github.com/Keeper-Security/terraform-provider-secretsmanager","commit_stats":null,"previous_names":["keeper-security/terraform-provider-keeper"],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fterraform-provider-secretsmanager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fterraform-provider-secretsmanager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fterraform-provider-secretsmanager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keeper-Security%2Fterraform-provider-secretsmanager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Keeper-Security","download_url":"https://codeload.github.com/Keeper-Security/terraform-provider-secretsmanager/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248571849,"owners_count":21126522,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T04:22:17.113Z","updated_at":"2026-02-24T00:06:56.604Z","avatar_url":"https://github.com/Keeper-Security.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Keeper Secrets Management For Terraform Header](https://github.com/user-attachments/assets/73ac989e-deb1-4946-bcee-4d34fb96bdcf)\n\n\u003ch1 align=\"center\"\u003eKeeper Secrets Management For Terraform\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://docs.keeper.io/secrets-manager/secrets-manager/integrations/terraform\"\u003eView docs\u003c/a\u003e\n\u003c/p\u003e\n\u003cbr/\u003e\n\nKeeper Secrets Manager provides your DevOps, IT Security and software development teams with a fully cloud-based, zero-knowledge platform for managing all of your infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data. Essential tool for every engineer who wants to securely provision passwords and keys throughout entire development stack with just a few lines of code.\n\n## Setup Secrets Manager\n\nIn order to set up Secrets Manager on a Keeper Enterprise Account follow the [Quick Start Guide](https://docs.keeper.io/secrets-manager/secrets-manager/quick-start-guide).\n\n### Create Secrets Manager application\n- Using Keeper **Commander** CLI\n```bash\nMy Vault\u003e sm app create [NAME]\nMy Vault\u003e sm share add --app [NAME] --secret [UID] --editable\nMy Vault\u003e sm client add --app [NAME] --unlock-ip --count 1\n```\n- Using Keeper **Secrets Manager** CLI and token generated while creating client (_use_ `sm client add` command above) generate local configuration\n```bash\n$ ksm profile init --token [TOKEN]\n```\n\n- Find record UID of a shared secret you want to use\n```bash\n$ ksm secret list\n$ ksm secret get -u [UID]\n```\n\n### Plugin configuration\n- Keeper credential could be generated with `ksm profile init` command, read from file, or sourced from the `KEEPER_CREDENTIAL` environment variable.  \nGenerate `credential` using Commander CLI\n```\nsm client add --app \u003cAPP_NAME\u003e --unlock-ip --config-init=b64\n```\n`main.tf`\n```\nterraform {\n  required_providers {\n    # add keeper secrets manager plugin\n    secretsmanager = {\n      source  = \"keeper-security/secretsmanager\"\n      version = \"\u003e= 1.1.7\"\n    }\n  }\n}\n\n# Configure plugin\nprovider \"secretsmanager\" {\n  credential = file(\"~/.keeper/credential\")\n}\n```\n- Data source usage - see working [examples](./examples) in this repo.\n\n## Support\n\nIf you need help, send an e-mail to [sm@keepersecurity.com](mailto:sm@keepersecurity.com)\n\n## Development\n\n### Building\n\nGet the source code:\n\n```bash\ngit clone https://github.com/keeper-security/terraform-provider-secretsmanager\n```\n\nBuild it using:\n\n```bash\ngo build\n```\n\n### Testing\n\nTo run the [acceptance tests](https://www.terraform.io/docs/extend/testing/acceptance-tests/index.html), the following environment variables need to be set up.\n\n* `KEEPER_CREDENTIAL` - Keeper Secrets Manager Credentials.\n\nThe acceptance tests expect to find certain records shared to your application - use the script below to create and populate shared folder named `tf_acc_test_dir` with the required records (_use_ [Keeper Commander CLI](https://docs.keeper.io/secrets-manager/commander-cli))\n\n_Note:_ If you get **throttled** simply re-run the same command again (_and ignore any_ `'...already exists'` _messages on consecutive runs_)\n\n`keeper tf_acc_test.cmd --batch-mode`\n\nContents of `tf_acc_test.cmd`:\n```\n@mkdir -sf -a /tf_acc_test_dir\n@cd /tf_acc_test_dir\n@add title=tf_acc_test_field notes=tf_acc_test_field type=login fields.login=tf_acc_test_field\n@add title=tf_acc_test_login notes=tf_acc_test_login type=login\n@add title=tf_acc_test_bank_account notes=tf_acc_test_bank_account type=bankAccount fields.bankAccount.accountNumber=1234\n@add title=tf_acc_test_address notes=tf_acc_test_address type=address\n@add title=tf_acc_test_bank_card notes=tf_acc_test_bank_card type=bankCard\n@add title=tf_acc_test_birth_certificate notes=tf_acc_test_birth_certificate type=birthCertificate\n@add title=tf_acc_test_contact notes=tf_acc_test_contact type=contact fields.name.first=John fields.name.last=Doe\n@add title=tf_acc_test_driver_license notes=tf_acc_test_driver_license type=driverLicense\n@add title=tf_acc_test_encrypted_notes notes=tf_acc_test_encrypted_notes type=encryptedNotes\n@add title=tf_acc_test_file notes=tf_acc_test_file type=file\n@add title=tf_acc_test_health_insurance notes=tf_acc_test_health_insurance type=healthInsurance\n@add title=tf_acc_test_membership notes=tf_acc_test_membership type=membership\n@add title=tf_acc_test_passport notes=tf_acc_test_passport type=passport\n@add title=tf_acc_test_photo notes=tf_acc_test_photo type=photo\n@add title=tf_acc_test_server_credentials notes=tf_acc_test_server_credentials type=serverCredentials\n@add title=tf_acc_test_software_license notes=tf_acc_test_software_license type=softwareLicense\n@add title=tf_acc_test_ssn_card notes=tf_acc_test_ssn_card type=ssnCard\n@add title=tf_acc_test_ssh_keys notes=tf_acc_test_ssh_keys type=sshKeys\n@add title=tf_acc_test_database_credentials notes=tf_acc_test_database_credentials type=databaseCredentials\n```\n\nWith the environment variables properly set up, run:\n\n```bash\nexport TF_ACC=1 ; go test ./...\n```\n\nor set all required environment variables and run tests with a single command line\n```bash\nexport TF_ACC=1 ; export KEEPER_CREDENTIAL=\u003cXXX\u003e ; go test ./...\n```\n------\n# Terraform Provider\n\nThe Keeper Secrets Manager Terraform Provider lets you manage your secrets using Terraform.\nIt is officially supported and actively maintained by Keeper Security.\n\n## Usage\n### Terraform v0.13 or above ([Terraform Registry](https://registry.terraform.io/))\n```hcl\nterraform {\n  required_providers {\n    secretsmanager = {\n      source  = \"keeper-security/secretsmanager\"\n      version = \"\u003e= 1.1.7\"\n    }\n  }\n}\n\nprovider \"secretsmanager\" {\n  credential = \"\u003cCREDENTIAL\u003e\"\n  # credential = file(\"~/.keeper/credential\")\n}\n\ndata \"secretsmanager_database_credentials\" \"my_db_creds\" {\n  path  = \"\u003cUID\u003e\"\n}\n\noutput \"db_type\" {\n  value = data.secretsmanager_database_credentials.my_db_creds.db_type\n}\n\noutput \"login\" {\n  value = data.secretsmanager_database_credentials.my_db_creds.login\n}\n```\n\n### Terraform v0.13 and above ([GitHub](https://github.com/keeper-security/terraform-provider-secretsmanager/) manual install)\n\nDownload archive with the [latest release](https://github.com/keeper-security/terraform-provider-secretsmanager/releases/latest) for your platform and copy it to the corresponding plugin folder (_Linux and MacOS:_ `~/.terraform.d/plugins/github.com/keeper-security/secretsmanager` _Windows:_ `%APPDATA%/terraform.d/plugins/github.com/keeper-security/secretsmanager`)  \nUse the same config from above just remember to initialize `source` with the full URL `source  = \"github.com/keeper-security/secretsmanager\"`\n\nMacOS:\n```bash\nmkdir -p ~/.terraform.d/plugins/github.com/keeper-security/secretsmanager \u0026\u0026 \\\ncd ~/.terraform.d/plugins/github.com/keeper-security/secretsmanager \u0026\u0026 \\\ncurl -SfLOJ https://github.com/keeper-security/terraform-provider-secretsmanager/releases/latest/download/terraform-provider-secretsmanager_1.0.0_darwin_amd64.zip\n```\nWindows:\n```bash\nSETLOCAL EnableExtensions \u0026\u0026 ^\nmkdir %APPDATA%\\.terraform.d\\plugins\\github.com\\keeper-security\\secretsmanager \u0026\u0026 ^\ncd %APPDATA%\\.terraform.d\\plugins\\github.com\\keeper-security\\secretsmanager \u0026\u0026 ^\ncurl -SfLOJ https://github.com/keeper-security/terraform-provider-secretsmanager/releases/latest/download/terraform-provider-secretsmanager_1.0.0_windows_amd64.zip\n```\nHave a look at some working [examples](./examples) in this repo.\n\n### Terraform v0.12 and below\nManually install the Keeper Secrets Manager provider by downloading the corresponding archive for your platform then extract the executable and move it to `~/.terraform/plugins` or `%APPDATA%\\terraform.d\\plugins` on Windows.\n\nAfterwards you can run the following example with Terraform.\n```hcl\nterraform {\n  required_providers {\n    secretsmanager = {\n      version = \"\u003e= 1.1.7\"\n    }\n  }\n}\n\nprovider \"secretsmanager\" {\n  credential = \"\u003cCREDENTIAL\u003e\"\n  # credential = file(\"~/.keeper/credential\")\n}\n\ndata \"secretsmanager_database_credentials\" \"my_db_creds\" {\n  path  = \"\u003cUID\u003e\"\n}\n\noutput \"db_type\" {\n  value = data.secretsmanager_database_credentials.my_db_creds.db_type\n}\n\noutput \"login\" {\n  value = data.secretsmanager_database_credentials.my_db_creds.login\n}\n```\nHave a look at some working [examples](./examples) in this repo.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeeper-security%2Fterraform-provider-secretsmanager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeeper-security%2Fterraform-provider-secretsmanager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeeper-security%2Fterraform-provider-secretsmanager/lists"}