Merge pull request #86 from Infisical/daniel/ephemeral-secrets
feat(infisical-secret): ephemeral support
DanielHougaard authored Jan 9, 2025
2 parents 6601b93 + 3d8c8d4 commit 4a9e378
Showing 9 changed files with 464 additions and 211 deletions.
76 changes: 76 additions & 0 deletions docs/ephemeral-resources/secret.md
@@ -0,0 +1,76 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "infisical_secret Ephemeral Resource - terraform-provider-infisical"
subcategory: ""
description: |-
Read ephemeral secrets from Infisical
---

# infisical_secret (Ephemeral Resource)

Read ephemeral secrets from Infisical

## Example Usage

```terraform
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
postgresql = {
source = "cyrilgdn/postgresql"
version = "1.25.0"
}
}
}
provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<>"
client_secret = "<>"
}
ephemeral "infisical_secret" "postgres_username" {
name = "POSTGRES_USERNAME"
env_slug = "dev"
workspace_id = "PROJECT_ID"
folder_path = "/"
}
ephemeral "infisical_secret" "postgres_password" {
name = "POSTGRES_PASSWORD"
env_slug = "dev"
workspace_id = "PROJECT_ID"
folder_path = "/"
}
locals {
credentials = {
username = ephemeral.infisical_secret.postgres_username.value
password = ephemeral.infisical_secret.postgres_password.value
}
}
provider "postgresql" {
host = data.aws_db_instance.example.address
port = data.aws_db_instance.example.port
username = local.credentials["username"]
password = local.credentials["password"]
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `env_slug` (String) The environment slug of the secret to fetch
- `folder_path` (String) The path to the folder where the given secret resides
- `name` (String) The name of the secret
- `workspace_id` (String) The Infisical project ID

### Read-Only

- `value` (String, Sensitive) The value of the secret
9 changes: 9 additions & 0 deletions docs/resources/secret.md
@@ -64,6 +64,15 @@ resource "infisical_secret" "github_action_secret" {
folder_path = "/"
tag_ids = [infisical_secret_tag.terraform.id]
}
# Ephemeral resource (requires Terraform 1.10.0+)
# https://www.hashicorp.com/blog/terraform-1-10-improves-handling-secrets-in-state-with-ephemeral-values
ephemeral "infisical_secret" "ephemeral-secret" {
name = "SECRET-KEY"
env_slug = "dev"
workspace_id = "PROJECT_ID"
folder_path = "/"
}
```

<!-- schema generated by tfplugindocs -->
@@ -0,0 +1,46 @@
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
postgresql = {
source = "cyrilgdn/postgresql"
version = "1.25.0"
}
}
}

provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<>"
client_secret = "<>"
}

ephemeral "infisical_secret" "postgres_username" {
name = "POSTGRES_USERNAME"
env_slug = "dev"
workspace_id = "PROJECT_ID"
folder_path = "/"
}

ephemeral "infisical_secret" "postgres_password" {
name = "POSTGRES_PASSWORD"
env_slug = "dev"
workspace_id = "PROJECT_ID"
folder_path = "/"
}

locals {
credentials = {
username = ephemeral.infisical_secret.postgres_username.value
password = ephemeral.infisical_secret.postgres_password.value
}
}

provider "postgresql" {
host = data.aws_db_instance.example.address
port = data.aws_db_instance.example.port
username = local.credentials["username"]
password = local.credentials["password"]
}
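Review bot: The `terraform` block in this example sets no `required_version`, although `ephemeral` blocks need Terraform 1.10.0 or later (the comment this commit adds to examples/resources/infisical_secret/resource.tf says so); adding `required_version = ">= 1.10.0"` should let older CLIs report a version constraint failure instead of an unsupported block type. The `provider "infisical"` block also shows `client_id` and `client_secret` as inline literals in an example whose purpose is keeping secrets out of state and plan files, so a comment such as `# supply via a sensitive input variable or the environment; never commit the real value` would help. `data.aws_db_instance.example` is referenced in the `postgresql` provider block but is not declared in the file, so the example does not validate as written. docs/ephemeral-resources/secret.md carries the same example text and appears to be generated from this file.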
9 changes: 9 additions & 0 deletions examples/resources/infisical_secret/resource.tf
@@ -49,3 +49,12 @@ resource "infisical_secret" "github_action_secret" {
folder_path = "/"
tag_ids = [infisical_secret_tag.terraform.id]
}

# Ephemeral resource (requires Terraform 1.10.0+)
# https://www.hashicorp.com/blog/terraform-1-10-improves-handling-secrets-in-state-with-ephemeral-values
ephemeral "infisical_secret" "ephemeral-secret" {
name = "SECRET-KEY"
env_slug = "dev"
workspace_id = "PROJECT_ID"
folder_path = "/"
}
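Review bot: The new block is labelled `"ephemeral-secret"` while the other labels on this page use underscores (`github_action_secret`, `postgres_username`); `ephemeral "infisical_secret" "ephemeral_secret" {` would keep a reference such as `ephemeral.infisical_secret.ephemeral_secret.value` easy to read. The example also never consumes the value, so I would add a comment like `# Only referenceable from ephemeral contexts (e.g. provider configuration); using it in a regular resource argument is an error`. The same block is added to docs/resources/secret.md.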
86 changes: 42 additions & 44 deletions go.mod
@@ -1,78 +1,76 @@
module terraform-provider-infisical

go 1.21
go 1.22.7

toolchain go1.23.1
toolchain go1.23.3

require (
github.com/go-resty/resty/v2 v2.7.0
github.com/hashicorp-demoapp/hashicups-client-go v0.1.0
github.com/hashicorp/terraform-plugin-docs v0.15.0
github.com/hashicorp/terraform-plugin-framework v1.10.0
github.com/hashicorp/terraform-plugin-go v0.23.0
github.com/hashicorp/terraform-plugin-docs v0.20.1
github.com/hashicorp/terraform-plugin-framework v1.13.0
github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
github.com/hashicorp/terraform-plugin-log v0.9.0
github.com/hashicorp/terraform-plugin-testing v1.2.0
golang.org/x/crypto v0.26.0
)

require (
github.com/BurntSushi/toml v1.2.1 // indirect
github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.1.1 // indirect
github.com/Masterminds/sprig/v3 v3.2.2 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
github.com/agext/levenshtein v1.2.2 // indirect
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/bgentry/speakeasy v0.1.0 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/fatih/color v1.15.0 // indirect
github.com/bmatcuk/doublestar/v4 v4.7.1 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/hashicorp/cli v1.1.6 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-checkpoint v0.5.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
github.com/hashicorp/go-hclog v1.5.0 // indirect
github.com/hashicorp/go-hclog v1.6.3 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-plugin v1.6.0 // indirect
github.com/hashicorp/go-plugin v1.6.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/hc-install v0.5.2 // indirect
github.com/hashicorp/hcl/v2 v2.16.2 // indirect
github.com/hashicorp/logutils v1.0.0 // indirect
github.com/hashicorp/terraform-exec v0.18.1 // indirect
github.com/hashicorp/terraform-json v0.16.0 // indirect
github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 // indirect
github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 // indirect
github.com/hashicorp/go-version v1.7.0 // indirect
github.com/hashicorp/hc-install v0.9.0 // indirect
github.com/hashicorp/terraform-exec v0.21.0 // indirect
github.com/hashicorp/terraform-json v0.23.0 // indirect
github.com/hashicorp/terraform-plugin-go v0.25.0 // indirect
github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
github.com/hashicorp/terraform-svchost v0.1.1 // indirect
github.com/hashicorp/yamux v0.1.1 // indirect
github.com/huandu/xstrings v1.3.2 // indirect
github.com/imdario/mergo v0.3.13 // indirect
github.com/huandu/xstrings v1.3.3 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/mitchellh/cli v1.1.5 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.9 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/go-wordwrap v1.0.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/oklog/run v1.1.0 // indirect
github.com/posener/complete v1.2.3 // indirect
github.com/russross/blackfriday v1.6.0 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/spf13/cast v1.5.0 // indirect
github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
github.com/zclconf/go-cty v1.13.2 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
google.golang.org/grpc v1.63.2 // indirect
google.golang.org/protobuf v1.34.0 // indirect
github.com/yuin/goldmark v1.7.7 // indirect
github.com/yuin/goldmark-meta v1.1.0 // indirect
github.com/zclconf/go-cty v1.15.0 // indirect
go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect
golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
golang.org/x/mod v0.21.0 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/text v0.20.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
google.golang.org/grpc v1.67.1 // indirect
google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/yaml.v2 v2.3.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)