An Interest In:
Web News this Week
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
Deploying IAC with your secrets in Terraform Vault
DAY 23 - Deploying IAC with your secrets in Terraform Vault - Day Twenty three
100 days of Cloud on GitHub - Read On iCTPro.co.nz - Read on Dev.to
What is Vault?
Securely accesses secrets , HashiCorp explains as Vault comes with various pluggable components called secrets engines and authentication methods allowing you to integrate with external systems. Vault issues temporary tokens to access the resources.
- In the blog I will be demonstrating how to setup a vault
- Accessing secrets from Vault to Deploy your infrastructure into a AWS environment.
Prerequisite
Install AWS CLI and Configure with IAM credentials
Install Vault
Goto this link to install Vault
I Am using a WSL Linux on windows
- Getting GPG key
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
- Adding HashiCorp Linux repo
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
- install
sudo apt-get update && sudo apt-get install vault
Setup Vault Project folder
- Lets create a project folder named Vault and cd into it
Setup Vault Server (Dev environment)
vault server -dev -dev-root-token-id="environment"
Note down the Vault Address, Unsealkey & Root token.
Sign into vault server
- Select Secret & Click Create Secret.
- Enter your IAM Programmatic access keys & Save.
Deploying with Vault
- Create a main.tf file and copy paste this command
terraform { required_providers { aws = { source = "hashicorp/aws" version = "3.58.0" } }}data "vault_generic_secret" "aws_creds" { path = "secret/aws"}provider "aws" { region = data.vault_generic_secret.aws_creds.data["region"] access_key = data.vault_generic_secret.aws_creds.data["aws_access_key_id"] secret_key = data.vault_generic_secret.aws_creds.data["aws_secret_access_key"]}resource "aws_instance" "my_server" { ami = "ami-059af0b76ba105e7e" instance_type = "t2.nano" tags = { Name = "Vault-Server" }}
You have to change ami incase your region is not on ap-southeast-2
- Initialize Terraform
terraform init
- Plan terraform
terraform plan
You will be prompted to enter the vault url, in this case it is http://127.0.0.1:8200/
- Deploy infrastructure
terraform apply -auto-approve
- Enter url of vault when its prompted.
- Teardown your infrastructure
if you are happy with the deployment , you can tear down the deployed resources
terraform apply -auto-approve -destroy
Congratulations you have successfully deployed IAC with Terraform Vault
Connect with me on Twitter
Connect with me on Linkedin
Read more post on dev.to or iCTPro.co.nz
Connect with me on GitHub
Original Link: https://dev.to/aws-builders/deploying-iac-with-your-secrets-in-terraform-vault-4ggc
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To