I am using Terraform to provision servers in a private OpenStack cloud. Running Terraform requires that the Terraform script can access my username and password for my OpenStack cloud. So I would like to store this info in a secret file and encrypt it (something along the lines of Ansible Vault). However, the only examples I have found for using HashiCorp Vault with Terraform have been for AWS. So how would I create a Terraform script that can read a Vault value containing two variables and use them for provisioning OpenStack instances?
For reference here is how I mounted my vault secret backend:
    vault mount generic
Here is what my secret would look like (if I didn't write it into a json file):
    vault write generic/logins usernames=myUserName psswrds=myPassword
Terraform 0.8 will have a Vault provider.
    data "vault_generic_secret" "login" {
      path = "generic/logins"
    }

    provider "something" {
      user = "${data.vault_generic_secret.login.data["username"]}"
      pass = "${data.vault_generic_secret.login.data["password"]}"
    }
I have just done this for mongo atlas; you can see an example on github here.
    provider "mongodbatlas" {
      public_key  = data.vault_generic_secret.example.data["public_key"]
      private_key = data.vault_generic_secret.example.data["private_key"]
    }

    provider "vault" {
      address = "http://127.0.0.1:8200"
    }

    data "vault_generic_secret" "example" {
      path = "mongodbatlas/creds/example"
    }
I know this is for mongo atlas but it's very similar usage.
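The pattern from the answers above applied to the question's OpenStack case, as an added example that is not from any of the original posts. It reads the `usernames` and `psswrds` keys written by the question's `vault write` command; the variable names, the instance name and the provider source addresses are assumptions.

```hcl
# Added example (Terraform 0.13+ syntax); not code from the original posts.
terraform {
  required_providers {
    vault     = { source = "hashicorp/vault" }
    openstack = { source = "terraform-provider-openstack/openstack" }
  }
}

# Assumed inputs: none of these variable names appear in the original posts.
variable "openstack_auth_url" { type = string }
variable "openstack_tenant" { type = string }
variable "image_name" { type = string }
variable "flavor_name" { type = string }

# No address or token here: the Vault provider reads VAULT_ADDR and
# VAULT_TOKEN from the environment, which keeps the token out of the
# configuration files and out of version control.
provider "vault" {}

# Path written in the question with:
#   vault write generic/logins usernames=... psswrds=...
data "vault_generic_secret" "login" {
  path = "generic/logins"
}

provider "openstack" {
  auth_url    = var.openstack_auth_url
  tenant_name = var.openstack_tenant

  # The map keys are the field names stored in Vault, so they are the
  # question's "usernames" and "psswrds", not "username" and "password".
  user_name = data.vault_generic_secret.login.data["usernames"]
  password  = data.vault_generic_secret.login.data["psswrds"]
}

# Constructed sample resource to show the provider in use.
resource "openstack_compute_instance_v2" "example" {
  name        = "example-instance"
  image_name  = var.image_name
  flavor_name = var.flavor_name
}
```

Values read through `vault_generic_secret` are written to the Terraform state and plan files in cleartext, so keep the state in an encrypted, access-controlled backend and out of version control.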