Terraform Credentials from the macOS Keychain
terraform-credentials-keychain is a shell script which implements the Terraform credentials helpers API, allowing you to store and retrieve credentials for services like Terraform Cloud securely in the macOS Keychain.
Note: Consider using bendrucker/terraform-credentials-helper, which is more likely to be maintained.
Usage
-
Download the
terraform-credentials-keychainfile from this repository, and copy it to your global plugins path,~/.terraform.d/plugins. -
Edit your Terraform CLI configuration to enable the helper:
credentials_helper "keychain" {}
-
Ensure that you have manually configured an empty block for the public registry in the same file:
credentials "registry.terraform.io" {}This ensures that the helper is not triggered for API calls which install providers and modules.
-
Use
terraform loginto create a Terraform Cloud token and store it in your keychain. -
Later you can remove the stored token with
terraform logout