在没有保管库的情况下处理 Terraform 中的 Openstack 提供商凭证

Question

Is there any option available for handling Openstack provider credentials in Terraform similar to the one exists in AWS provider like Environment variables .

My Usecase:

As part of the POC, I would be invoking the terraform apply command from my python app in which I am planning to define the Openstack credentials as environment variables and unset the same once execution completed. By this I can avoid storing the credentials in files as well the vault/consul complexity.

Please clarify, thanks.

Answer 1

There are several ways of solving this. I would recommend doing this from a Vault. But if you really do not want to do that, you could use Terraform input variables and use environment variables there.

Like this: terraform apply -var "osuser=${ENV_VAR}"

Or specifically for the OpenStack Provider in Terraform you can use the Environment Variables that are documented here: https://www.terraform.io/docs/providers/openstack/

From documentation:

auth_url - (Optional; required if cloud is not specified) The Identity authentication URL. If omitted, the OS_AUTH_URL environment variable is used.

These environment variables are usually provided to you in the openstack GUI as well.

Answer 2

You can also prompt the user for these things, as I mentioned in https://github.com/hashicorp/terraform/issues/13022#issuecomment-819658436 :

# You can set other TF variables in here as well.
echo "Please enter the outgoing e-mail account's password: "
read -sr TF_VAR_smtp_password_unquoted
export TF_VAR_smtp_password="\"$TF_VAR_smtp_password_unquoted\""