github.com/joatmon08/vault-plugin-secrets-terraform
0.1.0-alpha1
Repository: https://github.com/joatmon08/vault-plugin-secrets-terraform.git
Documentation: pkg.go.dev

# README

HashiCorp Vault Terraform Secrets Engine

The Terraform Secrets Engine is a plugin for HashiCorp Vault which generates dynamic API tokens for Terraform Cloud or Enterprise.

The Golang SDK for Terraform Cloud / Enterprise does not support the generation of user API tokens at this time.

Usage

  1. Enable secrets engine.

    vault secrets enable -path=terraform vault-plugin-secrets-terraform
    
  2. Write the configuration with a Terraform Cloud or Enterprise token.

    vault write terraform/config token=$TF_TOKEN
    

    If you are using Terraform Enterprise, you can also specify the `address` and `base_path`.

  3. You can create two types of tokens: an organization token or a team token.

    1. To create an organization token, create a Vault role with the Terraform organization.

      vault write terraform/roles/my-org organization=$TF_ORGANIZATION
      
    2. To create a team token, create a Vault role with the Terraform organization and ID of the team (find using the settings/teams/team-xxxxxxxxxx URL).

      vault write terraform/roles/my-team organization=$TF_ORGANIZATION team_id=$TF_TEAM_ID
      
  4. To read the token, access the creds endpoint.

    $ vault read terraform/creds/my-org
    
    Key                Value
    ---                -----
    lease_id           terraform/creds/my-org/HZ8edrojluU1fzVy7GWoIUpo
    lease_duration     768h
    lease_renewable    true
    token              TERRAFORM_CLOUD_OR_ENTERPRISE_TOKEN
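
A consumer for step 4, as an added example (not code from this plugin or its author): it parses one creds response, keeps the token out of anything that gets logged, and builds the call that revokes the lease once the Terraform run is done. The `Lease` type, the function names and the sample JSON are constructed for illustration, and it assumes the plugin invalidates the Terraform token when Vault revokes its lease.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"time"
)

// Lease holds the fields of a Vault read on terraform/creds/<role> that a consumer needs.
type Lease struct {
	LeaseID       string `json:"lease_id"`
	LeaseDuration int64  `json:"lease_duration"` // seconds; 2764800 is the 768h shown above
	Data          struct{ Token string `json:"token"` } `json:"data"`
}

// ParseLease decodes the response body and rejects one that lacks a lease or a token.
func ParseLease(body []byte) (*Lease, error) {
	var l Lease
	if err := json.Unmarshal(body, &l); err != nil {
		return nil, err
	}
	if l.LeaseID == "" || l.Data.Token == "" {
		return nil, fmt.Errorf("response carries no lease_id or token")
	}
	return &l, nil
}

// String is what fmt and loggers print for a *Lease: the token is left out.
func (l *Lease) String() string {
	return fmt.Sprintf("lease=%s ttl=%s token=[redacted]", l.LeaseID, time.Duration(l.LeaseDuration)*time.Second)
}

// RevokeRequest builds the PUT to Vault's sys/leases/revoke endpoint for this lease.
func RevokeRequest(addr, vaultToken string, l *Lease) (*http.Request, error) {
	body, _ := json.Marshal(map[string]string{"lease_id": l.LeaseID})
	req, err := http.NewRequest(http.MethodPut, addr+"/v1/sys/leases/revoke", bytes.NewReader(body))
	if err == nil {
		req.Header.Set("X-Vault-Token", vaultToken)
	}
	return req, err
}

const sample = `{"lease_id":"terraform/creds/my-org/HZ8edrojluU1fzVy7GWoIUpo","lease_duration":2764800,"data":{"token":"TERRAFORM_CLOUD_OR_ENTERPRISE_TOKEN"}}`

func main() {
	l, err := ParseLease([]byte(sample)) // sample is constructed, not captured from a live Vault
	fmt.Println(l, err)                  // lease ID and TTL only, never the token
}
```
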
    

Support, Bugs and Feature Requests

Bugs should be filed under the Issues section of this repo.

Feature requests can be submitted in the Issues section.

Quick Links

Please note: HashiCorp takes Vault's security and their users' trust very seriously, as does MongoDB.

If you believe you have found a security issue in Vault, please responsibly disclose by contacting HashiCorp at [email protected].

Running tests

To run the unit tests, you can execute:

$ go test .

To run the acceptance tests, you need to set the following environment variables:

VAULT_ACC=1
TF_TOKEN=<Terraform Cloud or Enterprise Token with Organization Access>
TF_ORGANIZATION=<Terraform Cloud or Enterprise Organization>
TF_TEAM_ID=<Terraform Cloud or Enterprise Team ID from `settings/teams/team-xxxxxxxxxxxx`>

The API key provided must belong to an organization owner. You can manage access through the Terraform Cloud or Enterprise UI.

# Packages

No description provided by the author

# Functions

Factory returns a new backend as logical.Backend.