terraform-provider-secret

command module
v0.1.1
Published: Jul 25, 2018 License: Apache-2.0 Imports: 3 Imported by: 0

README

Terraform Provider

Requirements

  • Terraform 0.10.x
  • Go 1.8 (to build the provider plugin)

Building The Provider

Clone repository to: $GOPATH/src/github.com/pearsontechnology/terraform-provider-secret

$ mkdir -p $GOPATH/src/github.com/pearsontechnology; cd $GOPATH/src/github.com/pearsontechnology
$ git clone git@github.com:pearsontechnology/terraform-provider-secret

Enter the provider directory and build the provider

$ cd $GOPATH/src/github.com/pearsontechnology/terraform-provider-secret
$ hack/build/build.sh

Using the provider

Using KMS backend

Define your provider's config:

# The following example shows the provider using the kms backend

provider "secret" {
  backend = "kms"
  config = {
    # You can use AWS_* environment variables, or specify the following options here:
    shared_credentials_file = "~/.aws/credentials"
    profile = "custom_profile"

    # Alternatively, configure AWS settings directly:
    # aws_access_key = "your_access_key"
    # aws_secret_key = "your_secret_key"
    # region = "your_region"
  }
}

Then, you will need to encrypt your secrets using KMS and set variables to encrypted values:

aws kms encrypt --key-id <your_key_id> --region <aws_region> --plaintext "<secret_password_here>" | jq -r ".CiphertextBlob"

Set the variable to the encrypted value in terraform.tfvars:

my_secret="AQICAHgtTQGsSDH8txmi3mOt4SDnq6Nb8/3yzY8w/EIHs4S6PAEWV/V6FR5m9DPo02vkTd53AAAAZTBjBgkqhkiG9w0BBwagVjBUAgEAME8GCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMCcL8O2e4qn2m57gsAgEQgCJg7l1u5O0jUudz99t1bLnfV/YOvmg+C5ekB968Egs2FGZB"

Use this together with the data source to decrypt your value. In your data_sources.tf:

data "secret" "my_secret" {
  encrypted_value = "${var.my_secret}"
}

# ...
# Access value of this secret anywhere referring to secret's "value" attribute

resource ... {
  param  = "${data.secret.my_secret.value}"
}
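
A pre-commit style check for the workflow above, added here as an example (it is not part of the provider): it finds every variable wired into an encrypted_value and flags those whose terraform.tfvars value is not base64 or is too short to be a KMS blob. PlaintextSuspects, Sample and the 64-byte threshold are assumptions, and the inputs are constructed; a value that passes is only plausibly ciphertext, not proven to be.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
)

// encRef finds variables wired into a data "secret" block's encrypted_value.
var encRef = regexp.MustCompile(`encrypted_value\s*=\s*"\$\{var\.([A-Za-z0-9_-]+)\}"`)
// assign matches single-line string assignments in terraform.tfvars.
var assign = regexp.MustCompile(`(?m)^\s*([A-Za-z0-9_-]+)\s*=\s*"([^"]*)"\s*$`)
// minBlobLen is an assumed threshold, not a documented KMS property; tune it.
const minBlobLen = 64

// PlaintextSuspects lists encrypted_value variables whose tfvars value is not base64 or is too short.
func PlaintextSuspects(tfSrc, tfvars string) []string {
	values := map[string]string{}
	for _, m := range assign.FindAllStringSubmatch(tfvars, -1) {
		values[m[1]] = m[2]
	}
	var suspects []string
	for _, m := range encRef.FindAllStringSubmatch(tfSrc, -1) {
		v, ok := values[m[1]]
		if !ok {
			continue // not set in this file; may be supplied elsewhere
		}
		// "Passw0rd" is valid base64, so the length check matters as much as decoding.
		raw, err := base64.StdEncoding.DecodeString(v)
		if err != nil || len(raw) < minBlobLen {
			suspects = append(suspects, m[1])
		}
	}
	return suspects
}

// Sample returns constructed data_sources.tf and terraform.tfvars contents.
func Sample() (tf, vars string) {
	tf = `data "secret" "db" { encrypted_value = "${var.db_password}" }
data "secret" "api" { encrypted_value = "${var.api_token}" }
data "secret" "admin" { encrypted_value = "${var.admin_pw}" }`
	blob := base64.StdEncoding.EncodeToString(make([]byte, 96)) // stand-in ciphertext
	vars = "db_password = \"Passw0rd\"\napi_token = \"" + blob + "\"\n" +
		"admin_pw = \"correct horse!\"\nregion = \"eu-west-1\"\n"
	return tf, vars
}

func main() {
	fmt.Println(PlaintextSuspects(Sample()))
}
```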

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (version 1.8+ is required). You'll also need to correctly set up a GOPATH, as well as add $GOPATH/bin to your $PATH.

To compile the provider, run make build. This will build the provider and put the provider binary in the $GOPATH/bin directory.

$ hack/build/build.sh
...
$ $GOPATH/bin/terraform-provider-secret
...

In order to test the provider, you can simply run make test.

$ make test

In order to run the full suite of Acceptance tests, run make testacc.

Note: Acceptance tests create real resources, and often cost money to run.

$ make testacc

Documentation

There is no documentation for this package.

Directories

Path Synopsis
gpg
kms
