mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-23 23:51:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/import/gcpsm.mdx
Robert 5fac327dae
Secrets Import documentation (#25594) 
* Start import docs

* Use hideClipboard block on output

* Reorganize mappings and source docs

* Change experimental to alpha

* Change list tag to alpha

* Apply suggestions from code review

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-03-27 09:35:29 -05:00

53 lines
1.7 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: GCP secret import source
description: The Google Cloud Platform Secret Manager source imports secrets from GCP to Vault.
---
# GCP import source
Use the GCP source to import secret data from GCP Secret Manager into your Vault instance. To use dynamic
credentials with GCP import, ensure the [GCP secrets engine](/vault/docs/secrets/gcp) is
already configured.
## Argument reference
Refer to the [HCL syntax](/vault/docs/import#hcl-syntax-1) for arguments common to all source types.
## Additional arguments
- `credentials` `(string: "")` - The path to the service account key credentials file for the service account
with the [necessary permissions](#permissions). If `credentials` is set, then `vault_mount_path` and
`vault_role_name` must be unset.
- `vault_mount_path` `(string: "")` - The Vault mount path to a pre-configured GCP
secrets engine used to generate dynamic credentials for the importer. If
`vault_mount_path` or `vault_role_name` are set, then `credentials` must be
unset.
- `vault_role_name` `(string: "")` - The Vault role used to generate a dynamic
credential for the importer. The role name must exist in the pre-configured
GCP secrets engine mount. If `vault_role_name` or `vault_mount_path` are set,
then `credentials` must be unset.
## Example
Define and configure the `my-gcp-source-1` GCP source:
```hcl
source_gcp {
name = "my-gcp-source-1"
secrets_engine_mount = "gcp"
secrets_engine_role = "my-gcp-role-1"
}
```
## Permissions
To use GCP import, you must grant the associated GCP identity permission to read secrets:
```shell-session
"secretmanager.secrets.list",
"secretmanager.versions.access",
```
Reference in New Issue View Git Blame Copy Permalink