See the tfscaffold README for general information on tfscaffold. This README covers the Azure version specifically and the changes required to make it work there. It also contains the various example components.
There are a number of required mounts; without them tfscaffold won't know what to do. Note that tfscaffold lives at /tfscaffold inside the container.
- components (your terraform)
- modules (any terraform modules)
- etc (terraform variables)
- plugin-cache (terraform plugin-cache)
plugin-cache isn't required, but without it the providers are downloaded on every single run.
--app-id, --password and --tenant are the important additions over standard tfscaffold, because Azure authenticates differently (they are the service principal's application ID, client secret and tenant ID). They are now required when calling tfscaffold. Bear in mind that anything passed as a command-line argument ends up in your shell history and is visible to other users on the host via the process list (and in `docker inspect`), so use a dedicated least-privilege service principal for tfscaffold and rotate its secret rather than a long-lived, broadly scoped one.
Windows
docker run -v C:\git\my_project\tfscaffold\components\:/tfscaffold/components `
-v C:\git\my_project\tfscaffold\etc\:/tfscaffold/etc `
-v C:\git\my_project\tfscaffold\modules\:/tfscaffold/modules `
-v C:\git\my_project\tfscaffold\plugin-cache\:/tfscaffold/plugin-cache `
tfscaffold -a apply -r uksouth -p demo --bootstrap `
--app-id 'some-app-id' `
--password 'some-password' `
--tenant 'some-tenant'
Linux
docker run -v ~/git/jumpbox/tfscaffold/components/:/tfscaffold/components \
-v ~/git/jumpbox/tfscaffold/etc/:/tfscaffold/etc \
-v ~/git/jumpbox/tfscaffold/modules/:/tfscaffold/modules \
-v ~/git/jumpbox/tfscaffold/plugin-cache/:/tfscaffold/plugin-cache \
mikewinterbjss/tfscaffold -a apply -r uksouth -p changeme --bootstrap \
--app-id 'some-app-id' \
--password 'some-password' \
--tenant 'some-tenant'
Again, this is an example, but it is the core password management function of this piece of work. If you think there is a better way to manage secrets and passwords, feel free to create an example component.
In essence, the component creates the Key Vault and uses a random string generator to create a number of secrets, which are then output into the remote state. Other components read the remote state, so none of the passwords are ever written into a .tf file. One caveat: Terraform state is plaintext, so any secret you output (even with `sensitive = true`) is stored unencrypted in the remote state file. Lock down the state storage account accordingly, never commit state or plan files, and prefer outputting the Key Vault and secret IDs so consumers fetch the values from Key Vault rather than from state.
Windows
docker run -v C:\git\jumpbox\tfscaffold\components\:/tfscaffold/components `
-v C:\git\jumpbox\tfscaffold\etc\:/tfscaffold/etc `
-v C:\git\jumpbox\tfscaffold\modules\:/tfscaffold/modules `
-v C:\git\jumpbox\tfscaffold\plugin-cache\:/tfscaffold/plugin-cache `
mikewinterbjss/tfscaffold -a plan -r uksouth -p changeme -e demo -c keyvault `
--app-id 'some-app-id' `
--password 'some-password' `
--tenant 'some-tenant'
Linux
docker run -v ~/git/jumpbox/tfscaffold/components/:/tfscaffold/components \
-v ~/git/jumpbox/tfscaffold/etc/:/tfscaffold/etc \
-v ~/git/jumpbox/tfscaffold/modules/:/tfscaffold/modules \
-v ~/git/jumpbox/tfscaffold/plugin-cache/:/tfscaffold/plugin-cache \
mikewinterbjss/tfscaffold -a plan -r uksouth -p changeme -e demo -c keyvault \
--app-id 'some-app-id' \
--password 'some-password' \
--tenant 'some-tenant'
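The keyvault component described above, written out as an added example in HCL. This is not the project's own component code; the resource names, secret names, the `demo` environment, the resource group and the azurerm backend settings used by the consuming component are all assumptions, and the authentication comes from the service principal tfscaffold passes in via --app-id / --password / --tenant.

```hcl
# Added example, not the project's own component. Every name below is assumed.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    random  = { source = "hashicorp/random" }
  }
}

provider "azurerm" {
  features {}
}

# Identity of the service principal tfscaffold authenticates with.
data "azurerm_client_config" "current" {}

# Secret names to generate; assumed for the example.
variable "secret_names" {
  type    = list(string)
  default = ["jumpbox-admin-password", "db-admin-password"]
}

resource "azurerm_resource_group" "kv" {
  name     = "demo-keyvault-rg" # assumed
  location = "uksouth"
}

resource "azurerm_key_vault" "this" {
  name                     = "demo-kv-changeme" # must be globally unique; assumed
  location                 = azurerm_resource_group.kv.location
  resource_group_name      = azurerm_resource_group.kv.name
  tenant_id                = data.azurerm_client_config.current.tenant_id
  sku_name                 = "standard"
  purge_protection_enabled = true

  # Only the deploying principal may write secrets; grant consumers read access separately.
  access_policy {
    tenant_id          = data.azurerm_client_config.current.tenant_id
    object_id          = data.azurerm_client_config.current.object_id
    secret_permissions = ["Get", "List", "Set", "Delete", "Purge", "Recover"]
  }
}

# One generated password per name. The plaintext never appears in a .tf file;
# it lives in Key Vault and (as an output) in the remote state.
resource "random_password" "secret" {
  for_each         = toset(var.secret_names)
  length           = 32
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "azurerm_key_vault_secret" "secret" {
  for_each     = random_password.secret
  name         = each.key
  value        = each.value.result
  key_vault_id = azurerm_key_vault.this.id
}

output "key_vault_id" {
  value = azurerm_key_vault.this.id
}

# Secret IDs (not values) are enough for consumers that read from Key Vault.
output "secret_ids" {
  value = { for k, s in azurerm_key_vault_secret.secret : k => s.id }
}

# If you do output the values, mark them sensitive. They are still plaintext in the state file.
output "secret_values" {
  value     = { for k, p in random_password.secret : k => p.result }
  sensitive = true
}

# --- In another component: read the keyvault component's remote state and fetch a
# --- secret from Key Vault by ID rather than copying the value out of the state.
# --- Backend settings are assumed; tfscaffold provides its own backend config.
data "terraform_remote_state" "keyvault" {
  backend = "azurerm"
  config = {
    resource_group_name  = "tfscaffold-state-rg"  # assumed
    storage_account_name = "tfscaffoldstate"      # assumed
    container_name       = "tfstate"              # assumed
    key                  = "demo/keyvault.tfstate" # assumed
  }
}

data "azurerm_key_vault_secret" "jumpbox_admin" {
  name         = "jumpbox-admin-password"
  key_vault_id = data.terraform_remote_state.keyvault.outputs.key_vault_id
}
```

The consuming component's service principal needs `Get` on secrets in the vault (a second `access_policy` block or an RBAC role assignment), which keeps the read path auditable in Key Vault rather than relying on whoever can read the state container.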