Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not able to pull secrets using terraform #87

Open
monish-devendran opened this issue Mar 28, 2024 · 3 comments
Open

Not able to pull secrets using terraform #87

monish-devendran opened this issue Mar 28, 2024 · 3 comments

Comments

@monish-devendran
Copy link 

terraform {
  required_providers {
    akeyless = {
      version = ">= 1.0.0"
      source  = "akeyless-community/akeyless"
    }
  }
}

provider "akeyless" {
  api_gateway_address = "http://localhost:8000/"

  api_key_login {
    access_id = "******"
    access_key = "*********"
  }
}


resource "akeyless_static_secret" "secret" {
  path = "/path/to/my/secret"
  value = "this value was set from terraform"
}

this is my code and when run terraform apply , i get

❯ terraform apply

│ Error: authentication failed: {"error":"MissingRequiredParam","message":"Missing required parameter - access_id "}


│ with provider["registry.terraform.io/akeyless-community/akeyless"],
│ on main.tf line 10, in provider "akeyless":
│ 10: provider "akeyless" {

i want to basically pull my gcp secrets and pass to terraform
@monish-devendran
Copy link
Author

The above issue code resolved, if someone can help in how to pass my secret to gcp credentials

provider "google" {
project = "cf-triggers"
credentials = data.akeyless_secret.secret
}

│ on main.tf line 38, in provider "google":
│ 38: credentials = data.akeyless_secret.secret
│ ├────────────────
│ │ data.akeyless_secret.secret is object with 4 attributes

│ Inappropriate value for attribute "credentials": string required.

@devorbitus
Copy link
Member

In think, in order to pass a variable into provider you have to have that provider block be inside a sub-module and pass it in as a variable.

I suggest asking ChatGPT or Claude on how to accomplish a dynamic provider credential.

@DaniRieker
Copy link

From what I know about terraform, the providers are always initialized during the init phase and you can not have values from a data source in the configuration as data sources are read just later in the plan phase. What I do to use a secret from akeyless which is needed to configure the akeyless provider itself is to load the secret upfront using the akeyless CLI and set the value to the ENV-variable AKEYLESS_ACCESS_KEY. With this you don't have to specify the key in the configuration at all, it just gets sourced from the ENV variable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@devorbitus @monish-devendran @DaniRieker