Read secrets stored with credstash.
Create the terraform plugin directory
$ mkdir ~/.terraform.d/plugins
Copy the provider binary to the terraform plugin directory
$ cp /path/to/terraform-provider-credstash ~/.terraform.d/plugins/terraform-provider-credstash_v0.5.0
Profit
$ git clone https://github.com/sspinc/terraform-provider-credstash.git
$ cd /path/to/terraform-provider-credstash
$ make install
provider "credstash" {
table = "credential-store"
region = "us-east-1"
}
data "credstash_secret" "rds_password" {
name = "rds_password"
}
data "credstash_secret" "my_secret" {
name = "some_secret"
version = "0000000000000000001"
}
resource "aws_db_instance" "postgres" {
password = "${data.credstash_secret.rds_password.value}"
# other important attributes
}
You can override the table on a per data source basis:
data "credstash_secret" "my_secret" {
table = "some_table"
name = "some_secret"
version = "0000000000000000001"
}
AWS credentials are not directly set. Use one of the methods discussed here.
You can set a specific profile to use:
provider "credstash" {
region = "us-east-1"
profile = "my-profile"
}
For dependency management Go modules are used thus you will need go 1.11+
git clone https://github.com/sspinc/terraform-provider-credstash.git
make test
to run all testsgit checkout -b my-awesome-feature
The project is licensed under the MIT license, See LICENSE file for more information.