Fetching vault secret value using terraform


Problem description

I am using a Vault server with Consul as a storage backend and trying to fetch a password value using the Vault provider in Terraform. But it doesn't fetch its value. I stored my secrets at location secret/instances.

main.tf

provider "vault" {
 address = "https://<IP_ADDRESS>:<PORT_NUMBER>"
 token = "118bb796-d715-8ce4-b987-7f354ff3f5a7"
}
data "vault_generic_secret" "mypass"{
 path = "secret/instances/password"
}
output "mypassword" {
 value = "${data.vault_generic_secret.mypass.data["value"]}"
}

When I run terraform apply it shows:

data.vault_generic_secret.mypass: Refreshing state...
data.vault_generic_secret.mypass: Refreshing state...

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Please suggest what I have done wrong here, as it does not fetch the value of the password from Vault.

Solution

I also ran into a similar issue and found this post. In my case the issue was with compatibility between Terraform and Vault. I was using KV version 2, which is not compatible with Terraform v0.11.10.

Related Issue: GitHub Link

So I will try to write my answer with a working example and environment details, as it might help other people.

Vault Version: Vault 0.10.1

Secret Engine Type: KV Version 1

Path: srekv1/development

Terraform Version: Terraform v0.11.10

  • provider.local v1.1.0
  • provider.vault v1.1.4

Terraform Code to pull secret:

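provider "vault" {
  address         = "https://vault-myappXXX.net"
  # Disables TLS certificate verification for the connection to Vault.
  skip_tls_verify = true
  token           = "95XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

# Reads the secret stored at srekv1/development (KV version 1 engine).
data "vault_generic_secret" "srekv1" {
  path = "srekv1/development"
}

# Prints the "Name" field of that secret.
output "Namekv1" {
  value = "${data.vault_generic_secret.srekv1.data["Name"]}"
}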
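
Added example (not part of the original answer or of the Vault/Terraform projects): a Python sketch of the KV version 1 / version 2 difference the answer describes. It goes beyond the post by showing the HTTP API path and response shape for each version. The mount table, the engine version assigned to each mount, the responses and the function names are constructed for illustration.

```python
"""Resolve the Vault HTTP API path and unwrap the response for KV v1 vs KV v2."""

# Constructed sample shaped like the mount table from GET /v1/sys/mounts.
# The versions assigned to each mount are assumptions for illustration.
SAMPLE_MOUNTS = {
    "srekv1/": {"type": "kv", "options": {"version": "1"}},
    "secret/": {"type": "kv", "options": {"version": "2"}},
    "sys/": {"type": "system", "options": None},
}


def kv_version(mounts, logical_path):
    """Return (mount, version) for the longest mount prefix matching logical_path."""
    path = logical_path.strip("/") + "/"
    matches = [m for m in mounts if path.startswith(m)]
    if not matches:
        raise LookupError(f"no mount for {logical_path!r}")
    mount = max(matches, key=len)
    info = mounts[mount]
    if info["type"] not in ("kv", "generic"):
        raise ValueError(f"{mount} is not a KV mount")
    # A KV mount without an explicit version option behaves as version 1.
    version = int((info.get("options") or {}).get("version", "1"))
    return mount, version


def api_path(mounts, logical_path):
    """KV v2 inserts 'data/' between the mount and the secret path; v1 does not."""
    mount, version = kv_version(mounts, logical_path)
    rest = logical_path.strip("/")[len(mount):]
    return f"/v1/{mount}{'data/' if version == 2 else ''}{rest}"


def secret_fields(response, version):
    """KV v1 keeps fields in response['data']; KV v2 nests them one level deeper."""
    data = response["data"]
    return data["data"] if version == 2 else data


# Constructed responses for the same secret stored under each engine version.
V1_RESPONSE = {"data": {"Name": "sre"}}
V2_RESPONSE = {"data": {"data": {"Name": "sre"}, "metadata": {"version": 1}}}

if __name__ == "__main__":
    for p in ("srekv1/development", "secret/instances/password"):
        print(p, "->", api_path(SAMPLE_MOUNTS, p))
    # Reading a v2 response as if it were v1 finds no "Name" field at the top level.
    print(secret_fields(V2_RESPONSE, 1).get("Name"), secret_fields(V2_RESPONSE, 2).get("Name"))
```

A client that reads a version 2 mount with the version 1 path and response layout finds no matching field, which is the kind of version mismatch the answer reports.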
