Read secrets stored with credstash.
-
Create a terraformrc file
# ~/.terraformrc providers { credstash = "/path/to/bin/terraform-provider-credstash" } -
Profit
$ go get -v -u github.com/sspinc/terraform-provider-credstash
provider "credstash" {
table = "credential-store"
region = "us-east-1"
}
data "credstash_secret" "rds_password" {
name = "rds_password"
}
data "credstash_secret" "my_secret" {
name = "some_secret"
version = "0000000000000000001"
}
resource "aws_db_instance" "postgres" {
password = "${data.credstash_secret.rds_password.value}"
# other important attributes
}AWS credentials are not directly set. Use one of the methods discussed here.
You can set a specific profile to use:
provider "credstash" {
region = "us-east-1"
profile = "my-profile"
}For vendoring govendor is used.