Read secrets stored with credstash.
-
Create the terraform plugin directory
$ mkdir ~/.terraform.d/plugins -
Copy the provider binary to the terraform plugin directory
$ cp /path/to/terraform-provider-credstash ~/.terraform.d/plugins/terraform-provider-credstash_v0.5.0 -
Profit
$ git clone https://github.com/sspinc/terraform-provider-credstash.git
$ cd /path/to/terraform-provider-credstash
$ make install
provider "credstash" {
table = "credential-store"
region = "us-east-1"
}
data "credstash_secret" "rds_password" {
name = "rds_password"
}
data "credstash_secret" "my_secret" {
name = "some_secret"
version = "0000000000000000001"
}
resource "aws_db_instance" "postgres" {
password = "${data.credstash_secret.rds_password.value}"
# other important attributes
}You can override the table on a per data source basis:
data "credstash_secret" "my_secret" {
table = "some_table"
name = "some_secret"
version = "0000000000000000001"
}AWS credentials are not directly set. Use one of the methods discussed here.
You can set a specific profile to use:
provider "credstash" {
region = "us-east-1"
profile = "my-profile"
}You can set a specific role arn:
provider "credstash" {
region = "us-east-1"
assume_role {
role_arn = "arn:aws:iam::<acccount>:<role name>
duration_seconds = 600
}
}For dependency management Go modules are used thus you will need go 1.11+
- Clone the repo
git clone https://github.com/sspinc/terraform-provider-credstash.git - Run
make testto run all tests
- Fork the project and clone it locally
- Open a feature brach
git checkout -b my-awesome-feature - Make your changes
- Commit your changes
- Push your changes
- Open a pull request