The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.


Terraform Plugin

The Terraform provider allows Terraform to utilize secrets from Akeyless Vault.

Terraform can be used by the Vault administrators to configure Vault and populate it with secrets. In this case, the state and any plans associated with the configuration must be stored and communicated with care, since they will contain in clear text any values that were written into Vault.


  1. Set akeyless-vault url in: VAULT_ADDR environment variable on your Terraform server:
export VAULT_ADDR=
  1. Now, you'll need to configure the authentication token that would be used by Terraform to fetch secrets from Akeyless Vault
    Set your Akeyless token in ~/.vault-token
    Supported tokens:
  • Permanent token in the following structure: Access-ID+”..”+Access-Key, in example p-jjdbbkbd..njRThf894chsBXnuh
  • Akeyless temporary API token read more here (this is the recommended and the more secure method). For token rotation please read more here.

Configuring Terraform Plugin

Run the following:
a. Make sure you have secret name test, if not please create this secret:

akeyless create-secret --name test --value <secret value>

b. mkdir test && cd test
c. Create file with this content:

data "vault_generic_secret" "test" {
  path = "secret/test"
# For this example, in Vault there is a key named "test" and the value is the token we need to keep secret.
# In general usage, replace "test" with the key you wish to extract from Vault.
output "rendered" {
  value = "${data.vault_generic_secret.test}"

d. terraform init
e. terraform apply

Updated 4 months ago

Terraform Plugin

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.