/terraform-provider-pass

Pass Terraform provider

Primary LanguageGoMozilla Public License 2.0MPL-2.0

Pass Terraform Provider

This provider adds integration between Terraform and Pass and Gopass password stores.

Pass is a password store using gpg to encrypt password and git to version. Gopass is a rewrite of the pass password manager in Go with the aim of making it cross-platform and adding additional features.

Requirements

Building The Provider

Download the provider source code

$ go get github.com/camptocamp/terraform-provider-pass

Enter the provider directory and build the provider

$ cd $GOPATH/src/github.com/camptocamp/terraform-provider-pass
$ dep ensure
$ make build

Installing the provider

After building the provider, install it using the Terraform instructions for installing a third party provider.

Example

provider "pass" {
  store_dir = "/srv/password-store"    # defaults to $PASSWORD_STORE_DIR
  refresh_store = false                # do not call `git pull`
}


resource "pass_password" "test" {
  path = "secret/foo"
  password = "0123456789"
  data = {
    zip = "zap"
  }
}

data "pass_password" "test" {
  path = "${pass_password.test.path}"
}

Usage

The pass provider

Argument Reference

The provider takes the following arguments:

  • store_dir - (Optional) Path to your password store, defaults to $PASSWORD_STORE_DIR
  • refresh_store - (Optional) Boolean whether to call git pull when configuring the provider, defaults to true

The pass_password resource

Argument Reference

The resource takes the following arguments:

  • path - Full path from which a password will be read
  • password - Secret password
  • data - (Optional) Additional secret data

Attribute Reference

The following attributes are exported:

  • path - Full path from which the password was read
  • password - Secret password
  • data - Additional secret data
  • body - Raw secret data if not YAML
  • full - Entire secret contents

The pass_password data source

Argument Reference

The data source takes the following arguments:

  • path - Full path from which a password will be read

Attribute Reference

The following attributes are exported:

  • path - Full path from which the password was read
  • password - Secret password
  • data - Additional secret data
  • body - Raw secret data if not YAML
  • full - Entire secret contents

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (version 1.8+ is required). You'll also need to correctly setup a GOPATH, as well as adding $GOPATH/bin to your $PATH.

To compile the provider, run make build. This will build the provider and put the provider binary in the $GOPATH/bin directory.

$ make bin
...
$ $GOPATH/bin/terraform-provider-$PROVIDER_NAME
...

In order to test the provider, you can simply run make test.

$ make test

In order to run the full suite of Acceptance tests, run make testacc.

Note: Acceptance tests create real resources, and often cost money to run.

$ make testacc