
Add support to manage items within a generic secret #2394

Open · wants to merge 16 commits into main

Conversation


@kaerimichi kaerimichi commented Jan 22, 2025

Description

This PR adds support for the vault_generic_secret_item resource.

This new feature aims to enhance the existing vault_generic_secret resource in the terraform-provider-vault by allowing granular management of key/value items within a Vault generic secret (KV). Currently, this resource enables management at the whole secret level, meaning the entire secret is created or destroyed as a single unit. This enhancement provides the ability to create, update, and delete individual key/value pairs within a secret, offering more precise control over secrets management.

Users can now update specific key/value pairs within an existing secret without affecting other items. This is particularly useful in scenarios where multiple applications or services share a secret, and individual updates need to be isolated.

With the ability to manage keys within a secret, users can avoid destroying the entire secret when running terraform destroy on specific key/value pairs. By isolating key/value updates, the risk of accidental data loss or exposure due to the complete deletion of secrets is minimized. The feature also introduces a more efficient way of managing secrets, as users no longer need to recreate entire JSON structures for minor updates.

Use Cases

  • Managing configuration secrets shared among various microservices in a dynamic application environment.
  • Facilitating compliance and security requirements by ensuring that secrets are consistently managed and never inadvertently deleted.
  • Enabling iterative development practices by allowing incremental secret updates without reconfiguration of dependent services.

Checklist

  • Added CHANGELOG entry (only for user-facing changes)
  • Acceptance tests were run against all supported Vault Versions

Output from acceptance testing:

$ make testacc TESTARGS='-run="(TestDataSourceGenericSecretItem|TestResourceGenericSecretItem)"'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test -run="(TestDataSourceGenericSecretItem|TestResourceGenericSecretItem)" -timeout 30m ./...
?       github.com/hashicorp/terraform-provider-vault   [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/coverage      [no test files]
?       github.com/hashicorp/terraform-provider-vault/cmd/generate      [no test files]
?       github.com/hashicorp/terraform-provider-vault/helper    [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/consts   [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/identity/group   [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/identity/mfa     [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/pki      [no test files]
?       github.com/hashicorp/terraform-provider-vault/internal/sync     [no test files]
?       github.com/hashicorp/terraform-provider-vault/schema    [no test files]
ok      github.com/hashicorp/terraform-provider-vault/codegen   0.882s [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/internal/identity/entity  1.019s [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/internal/provider 2.173s [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/testutil  2.655s [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/util      3.223s [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/util/mountutil    1.291s [no tests to run]
ok      github.com/hashicorp/terraform-provider-vault/vault     33.111s

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request
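The behaviour the description relies on, a write that touches one key while leaving its siblings untouched, comes down to read, merge, write-back on a KV v1 secret, because a KV v1 write replaces the whole document. The following is an added example in Go, not code from this PR or from terraform-provider-vault: a hypothetical `KVClient` (with `ReadSecret`, `UpsertItem` and `DeleteItem`, all names chosen for this example and not attributes of the proposed resource) talks to `newFakeVault`, a constructed in-process stand-in for Vault's KV v1 endpoints that is seeded with a sample `secret/app` document and a made-up token so the code runs offline.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"sync"
)

// newFakeVault is a constructed stand-in for Vault's KV v1 HTTP API (GET/PUT /v1/<path>,
// X-Vault-Token auth) backed by the given map so the example runs offline. It is not Vault.
func newFakeVault(token string, store map[string]map[string]string) *httptest.Server {
	var mu sync.Mutex
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Vault-Token") != token {
			http.Error(w, `{"errors":["permission denied"]}`, http.StatusForbidden)
			return
		}
		mu.Lock()
		defer mu.Unlock()
		path := r.URL.Path[len("/v1/"):]
		switch r.Method {
		case http.MethodGet:
			if data, ok := store[path]; ok {
				json.NewEncoder(w).Encode(map[string]any{"data": data})
			} else {
				http.Error(w, `{"errors":[]}`, http.StatusNotFound)
			}
		case http.MethodPut: // a KV v1 write replaces the whole document
			data := map[string]string{}
			json.NewDecoder(r.Body).Decode(&data) // fake: decode errors are ignored
			store[path] = data
			w.WriteHeader(http.StatusNoContent)
		}
	}))
}

// KVClient is a hypothetical minimal KV v1 client, not the provider's own code.
type KVClient struct{ Addr, Token string }

// call sends one authenticated request; a 404 is reported via the status, not as an error.
func (c KVClient) call(method, path string, body []byte) (int, []byte, error) {
	req, err := http.NewRequest(method, c.Addr+"/v1/"+path, bytes.NewReader(body))
	if err != nil {
		return 0, nil, err
	}
	req.Header.Set("X-Vault-Token", c.Token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, nil, err
	}
	defer resp.Body.Close()
	out, _ := io.ReadAll(resp.Body)
	if resp.StatusCode/100 != 2 && resp.StatusCode != http.StatusNotFound {
		return resp.StatusCode, out, fmt.Errorf("%s %s: status %d: %s", method, path, resp.StatusCode, out)
	}
	return resp.StatusCode, out, nil
}

// ReadSecret returns the whole key/value map; a missing secret reads as an empty map.
func (c KVClient) ReadSecret(path string) (map[string]string, error) {
	wrapper := struct {
		Data map[string]string `json:"data"`
	}{Data: map[string]string{}} // pre-allocated so a 404 yields an empty, writable map
	code, out, err := c.call(http.MethodGet, path, nil)
	if err == nil && code == http.StatusOK {
		err = json.Unmarshal(out, &wrapper)
	}
	return wrapper.Data, err
}

// UpsertItem sets one key by read, merge, write-back: a KV v1 write replaces the
// whole secret, so the merge is what keeps the sibling keys intact.
func (c KVClient) UpsertItem(path, key, value string) error {
	data, err := c.ReadSecret(path)
	if err != nil {
		return err
	}
	data[key] = value
	body, _ := json.Marshal(data)
	_, _, err = c.call(http.MethodPut, path, body)
	return err
}

// DeleteItem removes one key and writes the remainder back. The secret itself is
// never deleted here, so destroying one item cannot wipe its siblings.
func (c KVClient) DeleteItem(path, key string) error {
	data, err := c.ReadSecret(path)
	if err != nil {
		return err
	}
	delete(data, key)
	body, _ := json.Marshal(data)
	_, _, err = c.call(http.MethodPut, path, body)
	return err
}
```

Two caveats follow directly from the code. The read-merge-write sequence is not atomic: two writers updating different keys of the same secret at the same time (two Terraform runs, or Terraform and another client) can overwrite each other's change, and KV v1 offers no guard against that; KV v2 exposes a check-and-set option (`cas`) that a real per-item resource could use to detect the lost update instead of silently clobbering it. The example also never deletes the secret itself, so removing the last item leaves an empty document behind; a real resource has to decide that case explicitly.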


hashicorp-cla-app bot commented Jan 22, 2025

CLA assistant check
All committers have signed the CLA.

@kaerimichi kaerimichi changed the title Feat/vault generic secret item Add support to manage items from a generic secret Jan 23, 2025
@kaerimichi kaerimichi changed the title Add support to manage items from a generic secret Add support to manage items within a generic secret Jan 23, 2025
@heatherezell

Hi there @kaerimichi - please feel free to tag me directly when you feel this is ready for review! I'll get direct notifications when you do. Thank you!

@kaerimichi kaerimichi marked this pull request as ready for review January 30, 2025 01:23
@kaerimichi kaerimichi requested a review from a team as a code owner January 30, 2025 01:23
@kaerimichi
Author

@heatherezell It's now ready for review! Please let me know if this addition makes sense... Thanks in advance.

@edgarsandi

@heatherezell do you have a plan if and when this PR will be merged?

Is it a good feature for you? If not, why not?

We need the proposed solution and are currently considering using @kaerimichi's fork for now.

@heatherezell

> @heatherezell do you have a plan if and when this PR will be merged?
>
> Is it a good feature for you? If not, why not?
>
> We need the proposed solution and are currently considering using @kaerimichi's fork for now.

Thanks for checking in! Our engineering and product teams will be taking this under consideration. I can't guarantee a timeline, as it's a net-new feature, but we hear that folks want it included. :)


3 participants