terraform-provider-ansiblevault

Build Status codecov Go Report Card

This Terraform provider allows you to access secrets from an Ansible Vault from Terraform.

Made with ❤️ by MeilleursAgents

Thanks

Thanks to ansible-vault-go repository for having done the hardest part.

Installation

curl https://raw.githubusercontent.com/MeilleursAgents/terraform-provider-ansiblevault/master/install.sh | bash

Usage

ansiblevault_path example:


provider "ansiblevault" {
  vault_path  = "/home/username/.vault_pass.txt"
  root_folder = "/home/username/infra/ansible/"
}

data "ansiblevault_path" "api_key" {
  path = "./passwords.yml"
  key = "USER_PASSWORD"
}

${data.ansiblevault_path.api_key.value} will contain value of `USER_PASSWORD` stored in "/home/username/infra/ansible/passwords.yml"

More examples in : examples/terraform/

Documentation

Provider

Key Required EnvVar Description
vault_path   ANSIBLE_VAULT_PASSWORD_FILE Path to ansible vault password file
vault_pass   ANSIBLE_VAULT_PASS Ansible vault pass value
root_folder ANSIBLE_ROOT_FOLDER Ansible root directory

For an easy way to configure provider with environment variables, consider the following snippet:

VAULT_PASS="$(ansible-config dump | grep DEFAULT_VAULT_PASSWORD_FILE | awk '{print $3}')"

cat >> "${HOME}/.localrc" << EOM
export ANSIBLE_VAULT_PASSWORD_FILE="${VAULT_PASS}"
export ANSIBLE_ROOT_FOLDER="/path/to/my/ansible/"
EOM

:information_source: vault_pass will override vault_path

Contribution

You have to enable Go modules for compiling this project.

Git hooks are availables for avoiding mistakes and ensure code quality, you can install them with:

make config

Build and Deploy

You need a Github OAuth Token for doing a GitHub release.

make github

License

This project is licensed under the MIT license (see LICENSE file).

FOSSA Status