Deploying IAC with your secrets in Terraform Vault

DAY 23 - Deploying IAC with your secrets in Terraform Vault - Day Twenty three

100 days of Cloud on GitHub - Read On iCTPro.co.nz - Read on Dev.to

What is Vault?

Securely accesses secrets , HashiCorp explains as Vault comes with various pluggable components called secrets engines and authentication methods allowing you to integrate with external systems. Vault issues temporary tokens to access the resources.

• In the blog I will be demonstrating how to setup a vault
• Accessing secrets from Vault to Deploy your infrastructure into a AWS environment.

Prerequisite

Install AWS CLI and Configure with IAM credentials

Install Vault

Goto this link to install Vault
I Am using a WSL Linux on windows

• Getting GPG key

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

• Adding HashiCorp Linux repo

sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

• install

sudo apt-get update && sudo apt-get install vault

Setup Vault Project folder

• Lets create a project folder named Vault and cd into it

Setup Vault Server (Dev environment)

vault server -dev -dev-root-token-id="environment"

Note down the Vault Address, Unsealkey & Root token.

Sign into vault server

Enter token as "environment"

• Select Secret & Click Create Secret.
• Enter your IAM Programmatic access keys & Save.

Deploying with Vault

• Create a main.tf file and copy paste this command

terraform {  required_providers {    aws = {      source  = "hashicorp/aws"      version = "3.58.0"    }  }}data "vault_generic_secret" "aws_creds" {    path = "secret/aws"}provider "aws" {  region  = data.vault_generic_secret.aws_creds.data["region"]    access_key = data.vault_generic_secret.aws_creds.data["aws_access_key_id"]    secret_key = data.vault_generic_secret.aws_creds.data["aws_secret_access_key"]}resource "aws_instance" "my_server" {  ami           = "ami-059af0b76ba105e7e"  instance_type = "t2.nano"    tags = {        Name = "Vault-Server"    }}

You have to change ami incase your region is not on ap-southeast-2

• Initialize Terraform

terraform init

• Plan terraform

terraform plan

You will be prompted to enter the vault url, in this case it is http://127.0.0.1:8200/

• Deploy infrastructure

terraform apply -auto-approve

• Enter url of vault when its prompted.

• Teardown your infrastructure

if you are happy with the deployment , you can tear down the deployed resources

terraform apply -auto-approve -destroy

Congratulations you have successfully deployed IAC with Terraform Vault

Connect with me on Twitter
Connect with me on Linkedin
Read more post on dev.to or iCTPro.co.nz
Connect with me on GitHub

.ltag__user__id__637154 .follow-action-button { background-color: #141D2B !important; color: #9FEF00 !important; border-color: #141D2B !important; }

Anuvindh SankaravilasamFollow

Experienced Cloud Technology Specialist with a demonstrated skillset of working with Emergency, NZ Police & Education industry