Read secrets stored with credstash.
- Create the terraform plugin directory
    $ mkdir ~/.terraform.d/plugins
- Copy the provider binary to the terraform plugin directory
    $ cp /path/to/terraform-provider-credstash ~/.terraform.d/plugins/terraform-provider-credstash_v0.5.0
- Profit
$ git clone https://github.com/joshuamorris3/terraform-provider-credstash.git
$ cd /path/to/terraform-provider-credstash
$ make install
    provider "credstash" {
      table  = "credential-store"
      region = "us-east-1"
    }

    data "credstash_secret" "rds_password" {
      name = "rds_password"
    }

    data "credstash_secret" "my_secret" {
      name    = "some_secret"
      version = "0000000000000000001"
    }

    resource "aws_db_instance" "postgres" {
      password = "${data.credstash_secret.rds_password.value}"
      # other important attributes
    }

You can override the table on a per data source basis:

    data "credstash_secret" "my_secret" {
      table   = "some_table"
      name    = "some_secret"
      version = "0000000000000000001"
    }

AWS credentials are not directly set. Use one of the methods discussed here.
You can set a specific profile to use:

    provider "credstash" {
      region  = "us-east-1"
      profile = "my-profile"
    }

You can set a specific role arn:

    provider "credstash" {
      region = "us-east-1"
      assume_role {
        role_arn         = "arn:aws:iam::<account>:role/<role name>"
        duration_seconds = 600
      }
    }

If you are using a custom KMS key to encrypt your secrets, you will need to provide the key ID, ARN, alias, or alias ARN as the value for key_id.
See the KeyId description in the AWS SDK documentation for EncryptInput or DecryptInput.

    provider "credstash" {
      table  = "credential-store"
      region = "us-east-1"
      assume_role {
        role_arn         = "arn:aws:iam::<account>:role/<role name>"
        duration_seconds = 600
      }
      key_id = "1234abcd-12ab-34cd-56ef-1234567890ab"
    }

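
A least-privilege policy for the role named in assume_role above, as an added example that is not part of the provider's own documentation. The account ID, role name and policy name are constructed placeholders; the table and key ID reuse the sample values above, and limiting DynamoDB access to GetItem and Query assumes the provider only looks up secrets by name and version.

```hcl
# Added example: read-only access for the role that Terraform assumes
# when it reads credstash secrets. Nothing here grants write access to
# the table or any KMS action other than Decrypt.
#
# Constructed placeholders (not from the provider's docs):
#   123456789012                 AWS account ID
#   terraform-credstash-reader   name of the role used in assume_role

data "aws_iam_policy_document" "credstash_read" {
  # Read items from the credstash DynamoDB table only.
  # Assumption: Query covers "latest version" lookups and GetItem covers
  # lookups pinned with the version argument.
  statement {
    sid     = "ReadCredstashTable"
    effect  = "Allow"
    actions = ["dynamodb:GetItem", "dynamodb:Query"]

    resources = [
      "arn:aws:dynamodb:us-east-1:123456789012:table/credential-store",
    ]
  }

  # Decrypt with the one KMS key given as key_id, not every key in the account.
  statement {
    sid     = "DecryptWithCredstashKey"
    effect  = "Allow"
    actions = ["kms:Decrypt"]

    resources = [
      "arn:aws:kms:us-east-1:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    ]
  }
}

# Attach the policy inline to the role referenced by role_arn.
resource "aws_iam_role_policy" "credstash_read" {
  name   = "credstash-read"
  role   = "terraform-credstash-reader"
  policy = "${data.aws_iam_policy_document.credstash_read.json}"
}
```

If a data source overrides the table, add that table's ARN to the first statement.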
Go modules are used for dependency management, so you will need Go 1.11+.
- Clone the repo
    git clone https://github.com/joshuamorris3/terraform-provider-credstash.git
- Run make test to run all tests
- Fork the project and clone it locally
- Open a feature branch
    git checkout -b my-awesome-feature
- Make your changes
- Commit your changes
- Push your changes
- Open a pull request