使用 terraform 获取保险库秘密值 [英] fetching vault secret value using terraform
问题描述
我正在使用带有 consul 作为存储后端的保管库服务器,并尝试使用 terraform 中的保管库提供程序获取密码值.但它没有获取它的价值.我将我的秘密存储在位置秘密/实例中
main.tf
提供者保险库"{地址 = "https://<IP_ADDRESS>:<PORT_NUMBER>"令牌=118bb796-d715-8ce4-b987-7f354ff3f5a7"}数据vault_generic_secret"mypass"{路径=秘密/实例/密码"}输出我的密码"{value = "${data.vault_generic_secret.mypass.data["value"]}"}
当我运行 terraform apply 它显示:
data.vault_generic_secret.mypass:刷新状态...data.vault_generic_secret.mypass:刷新状态...申请完成!资源:添加 0 个,更改 0 个,销毁 0 个.
请建议我在这里做错了什么,因为它没有从保险库中获取密码值.
我也遇到了类似的问题,发现了这个帖子.就我而言,问题是 terraform 和 vault 之间的兼容性.我使用的是与 terraform v0.11.10 不兼容的 KV 版本 2.
相关问题:
Terraform 版本:Terraform v0.11.10
- provider.local v1.1.0
- provider.vault v1.1.4
提取秘密的 Terraform 代码:
提供者保险库"{地址=https://vault-myappXXX.net"skip_tls_verify = true令牌 = "95XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}数据vault_generic_secret"srekv1"{路径 = "srekv1/开发"}输出名称kv1 {value = "${data.vault_generic_secret.srekv1.data["Name"]}"}
I am using a vault server with consul as a storage backend and trying to fetch a password value using vault provider in terraform. But it doesn't fetch its value. I stored my secrets at location secret/instances
main.tf
provider "vault" {
address = "https://<IP_ADDRESS>:<PORT_NUMBER>"
token = "118bb796-d715-8ce4-b987-7f354ff3f5a7"
}
data "vault_generic_secret" "mypass"{
path = "secret/instances/password"
}
output "mypassword" {
value = "${data.vault_generic_secret.mypass.data["value"]}"
}
When i run terraform apply it shows:
data.vault_generic_secret.mypass: Refreshing state...
data.vault_generic_secret.mypass: Refreshing state...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Please suggest me something what i have done wrong over here as it does not fetch value of password from vault.
I also ran into the similar issue and found this post. In my case issue was with compatibility between terraform and vault. I was using KV version 2 which is not compatible with terraform v0.11.10.
Related Issue: GitHub Link
So i will try to write my answer with working example and environment details as it might help other people.
Vault Version: Vault 0.10.1
Secret Engine Type: KV Version 1
Path: srekv1/development
Terraform Version: Terraform v0.11.10
- provider.local v1.1.0
- provider.vault v1.1.4
Terraform Code to pull secret:
provider "vault" {
address = "https://vault-myappXXX.net"
skip_tls_verify = true
token = "95XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
data "vault_generic_secret" "srekv1" {
path = "srekv1/development"
}
output Namekv1 {
value = "${data.vault_generic_secret.srekv1.data["Name"]}"
}
这篇关于使用 terraform 获取保险库秘密值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!