Infrastructure automation: don’t duplicate your security credentials!

Bastien DRONNEAU
Meilleurs Agents Engineering
2 min read · Jun 6, 2019

[Image: padlock securing two chains.]

This article will cover how we built & open-sourced a Terraform provider to share security credentials between Terraform & Ansible.

Tools 🛠

Introduction 📝

At MeilleursAgents, we use different tools (mainly Terraform & Ansible) to build, deploy and manage our infrastructure. One of the challenges we faced was to avoid duplication and to share security credentials between them.
With Terraform, we drive Google Cloud Platform services such as Google SQL and Google Kubernetes Engine, as well as application deployments in GKE through the Kubernetes provider.

On the other hand, Ansible deals with our application deployment and stores our security credentials (certificates, secrets, etc.) in Ansible Vault encrypted files.

How can we make these security credentials accessible from Terraform?

Version 0: Scope 🔍

We built a simple Terraform provider with two main features:

  • It reads encrypted Ansible Vault files from Terraform
  • It can be configured through environment variables

We thought that it might be of interest for other Terraform users so we took time to open-source it and share it with the community.

Getting Started 🛫

See https://github.com/MeilleursAgents/terraform-provider-ansiblevault#installation

Usage 🎮

The provider settings root_folder and vault_pass can be overridden through environment variables:

  • ANSIBLE_VAULT_PASS_FILE
  • ANSIBLE_ROOT_FOLDER

After initializing the provider, you can easily request resources.

The decrypted content is exposed as the data source's value attribute:

${data.ansiblevault_env.password.value}
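A complete usage example, added here and not taken from the article or the provider's own documentation, that wires the data source above into a GKE deployment: vault_pass, root_folder and the value attribute come from the article, while the env and key arguments of ansiblevault_env, the file paths and the secret name are assumptions.

```hcl
# Provider configuration: where the Ansible tree lives and how to unlock the vault.
# vault_pass and root_folder are the settings named in the article; both can be
# overridden with ANSIBLE_VAULT_PASS_FILE and ANSIBLE_ROOT_FOLDER instead of
# being hard-coded here (paths below are constructed for the example).
provider "ansiblevault" {
  vault_pass  = "/home/deploy/.vault_pass.txt"   # file holding the vault password
  root_folder = "/home/deploy/infra/ansible"     # Ansible root containing group_vars/
}

# Read one key from the encrypted group_vars file of the "prod" environment.
# The "env" and "key" arguments are assumed from the provider's README; the
# article only shows the resulting data.ansiblevault_env.password.value.
data "ansiblevault_env" "password" {
  env = "prod"
  key = "DB_PASSWORD"
}

# Feed the decrypted value straight into a Kubernetes secret on GKE, so the
# credential is never copied into the Terraform sources or a second store.
resource "kubernetes_secret" "db" {
  metadata {
    name = "db-credentials"
  }

  data = {
    password = data.ansiblevault_env.password.value
  }
}

# Mark any output as sensitive so `terraform apply` does not echo the secret.
output "db_password" {
  value     = data.ansiblevault_env.password.value
  sensitive = true
}
```

The decrypted value is written to the Terraform state like any data-source result, so the state backend needs the same access controls as the vault files themselves.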

Roadmap 🚀

  • Publish it in Terraform Provider Development Program
  • Deal with multiple secrets
  • Access secrets stored in environment variables

If you’d like to contribute, report an issue or request a new feature, we’ll be more than happy to help: https://meilleursagents.github.io/terraform-provider-ansiblevault/