ianlivingstone
commented
7 years ago A better integration through torus run by making it easier or unnecessary to think about 1 and 3.
I had a early few thoughts on how we could enable this:
- Enable you to specify a
environmentinside a.torus.json, so you could tie directories ignoring the need to provide a-eflag at runtime (related to #312) - Enable a terraform output mode for run (e.g.
--output terraformor similar) to remove the need to prependTF_VAR_
Build a terraform provider which can be included as a third party plugin. This would expose the secrets as a property of secrets as a resource which would be configured via provider configuration. Whether this would require the Torus daemon or not and how Torus would get the credentials to retrieve the secrets is up in the air.
Thinking about this more, I think you'd still need the Torus daemon locally to set and work with the secrets. Having the torus daemon running to Terraform apply would be clunky. Especially, in an automated environment such as CI.
It is possible that the plugin could just include components of the Daemon requiring the user to specify a TORUS_EMAIL/TORUS_PASSWORD or TORUS_TOKEN_ID/TORUS_TOKEN_SECRET which the plugin would use to perform a login.
It'd still be necessary to have the Torus CLI for all other activities.
Although, it may be nice to enabling writing from Terraform, however I'm not sure how important of a use case this is today this would provide to developers.
Any and all feedback is appreciated!
A quick and simple way to get setup using Torus with Terraform would make it really easy for anyone using Terraform to store/share their secrets inside Torus.
To use Torus today with Terraform or Terragrunt via
torus runyou have to:TF_VAR_torus linktorus run.This isn't a lot of work, but it's non-obvious, and could be stream lined. After looking at the options, there are really two pathways forward:
torus runby making it easier or unnecessary to think about 1 and 3.