A simple Terraform compatible CLI tool to retrieve a Root CA thumbprint, to use with IAM OIDC Identity Providers, for example.
Simple go build main.go
, or go get github.com/matt-potter/thumbprint
Ensure your $PATH
is set up to include your $GOPATH/bin
directory
➜ ~ thumbprint --help
Usage of thumbprint:
-terraform
reads data from stdin and writes to stdout/stderr conformant to the external program specification.
➜ ~
➜ ~ thumbprint google.com
DFE2070C79E7FF36A925FFA327FFE3DEECF8F9C2
Pass in the -terraform
flag. The tool will now read input from STDIN
as per the Terraform spec. The tool expects a json object to STDIN
in the form of {"host": " FQDN value "}, which is achieved with a Terraform data external block as below. The result is accessible in the "thumbprint" field of the result map.
data "external" "thumbprint" {
program = ["thumbprint", "-terraform"]
query = {
host = ** FQDN HERE **
}
}
resource "aws_iam_openid_connect_provider" "k8s" {
url = ...
client_id_list = [
[...]
]
thumbprint_list = [data.external.thumbprint.result["thumbprint"]]
}