Description
The vault_kv_secret_v2 resource currently writes a secret to Vault but does not expose the resulting KV v2 version as an output attribute.
When writing a new version of a secret, Vault automatically increments the version number, but Terraform users have no way to retrieve it from the resource within the same apply in order to trigger other dependent resources.
Even the accompanying data source and ephemeral resource have their own issues in achieving this. The data source is deprecated and returns the older version when the fields are updated. The ephemeral resource only returns an ephemeral value, making the version hard to use anywhere.
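As an added illustration (not code from this issue or from the terraform-provider-vault project), the snippet below shows what the Vault KV v2 HTTP API already returns on a write: the response to POST /v1/<mount>/data/<name> carries the newly assigned version, which is the value the requested attribute would surface. The transport is an in-memory stand-in for a Vault server so the example runs offline; the secret values are constructed.

```python
import json
from typing import Callable, Dict, Optional, Tuple

# A transport maps (method, path, json body or None) -> decoded JSON response.
Transport = Callable[[str, str, Optional[dict]], dict]


def kv2_put(transport: Transport, mount: str, name: str, data: dict) -> int:
    """Write a new version of `name` and return the version Vault assigned.

    Real endpoint: POST /v1/<mount>/data/<name> with body {"data": {...}}.
    The write response's data.version is the number the resource could expose."""
    resp = transport("POST", f"/v1/{mount}/data/{name}", {"data": data})
    return int(resp["data"]["version"])


def kv2_read(transport: Transport, mount: str, name: str) -> Tuple[dict, int]:
    """Read the latest version; returns (secret data, version from metadata).

    Real endpoint: GET /v1/<mount>/data/<name>; version sits in data.metadata."""
    resp = transport("GET", f"/v1/{mount}/data/{name}", None)
    return resp["data"]["data"], int(resp["data"]["metadata"]["version"])


class FakeVault:
    """Minimal in-memory KV v2 engine: every write appends a new version."""

    def __init__(self) -> None:
        self.store: Dict[str, list] = {}  # path -> list of version payloads

    def __call__(self, method: str, path: str, body: Optional[dict]) -> dict:
        versions = self.store.setdefault(path, [])
        if method == "POST" and body is not None:
            versions.append(body["data"])
            return {"data": {"version": len(versions), "destroyed": False}}
        if method == "GET" and versions:
            return {"data": {"data": versions[-1],
                             "metadata": {"version": len(versions)}}}
        raise KeyError(f"{method} {path}")


def demo() -> Tuple[int, int, int]:
    """Write twice, then read back: the second write reports version 2."""
    vault = FakeVault()
    v1 = kv2_put(vault, "secret", "my-app", {"username": "admin", "password": "constructed-1"})
    v2 = kv2_put(vault, "secret", "my-app", {"username": "admin", "password": "constructed-2"})
    _data, latest = kv2_read(vault, "secret", "my-app")
    return v1, v2, latest
```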
Affected Resource(s) and/or Data Source(s)
- vault_kv_secret_v2
Potential Terraform Configuration
```hcl
resource "vault_kv_secret_v2" "example" {
  mount = "secret"
  name  = "my-app"
  data_json = jsonencode({
    username = "admin"
    password = "p@ssw0rd"
  })
}

# Hypothetical resource that must run when the secret changes
resource "some_service_config" "with_secret" {
  secret_version = vault_kv_secret_v2.example.version # proposed attribute
  secret_name    = vault_kv_secret_v2.example.name
}

output "secret_version" {
  value = vault_kv_secret_v2.example.version
}
```
References
No response
Would you like to implement a fix?
No