This Terraform provider allows you to access secrets from an Ansible Vault from Terraform.
Made with ❤️ by MeilleursAgents
Thanks to ansible-vault-go repository for having done the hardest part.
curl https://raw.githubusercontent.com/MeilleursAgents/terraform-provider-ansiblevault/master/install.sh | bashansiblevault_path example:
provider "ansiblevault" {
vault_path = "/home/username/.vault_pass.txt"
root_folder = "/home/username/infra/ansible/"
}
data "ansiblevault_path" "api_key" {
path = "./passwords.yml"
key = "USER_PASSWORD"
}
${data.ansiblevault_path.api_key.value} will contain value of `USER_PASSWORD` stored in "/home/username/infra/ansible/passwords.yml"More examples in : examples/terraform/
| Key | Required | EnvVar | Description |
|---|---|---|---|
| vault_path | ANSIBLE_VAULT_PASSWORD_FILE |
Path to ansible vault password file | |
| vault_pass | ANSIBLE_VAULT_PASS |
Ansible vault pass value | |
| root_folder | ✅ | ANSIBLE_ROOT_FOLDER |
Ansible root directory |
For an easy way to configure provider with environment variables, consider the following snippet:
VAULT_PASS="$(ansible-config dump | grep DEFAULT_VAULT_PASSWORD_FILE | awk '{print $3}')"
cat >> "${HOME}/.localrc" << EOM
export ANSIBLE_VAULT_PASSWORD_FILE="${VAULT_PASS}"
export ANSIBLE_ROOT_FOLDER="/path/to/my/ansible/"
EOMℹ️ vault_pass will override vault_path
You have to enable Go modules for compiling this project.
Git hooks are availables for avoiding mistakes and ensure code quality, you can install them with:
make configYou need a Github OAuth Token for doing a GitHub release.
make githubThis project is licensed under the MIT license (see LICENSE file).
