use password-store provider for secrets

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski 2021-02-23 13:15:21 +01:00
parent eebeadd4fa
commit b9f333eb61
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
5 changed files with 37 additions and 19 deletions


@ -41,13 +41,6 @@ secrets:
pass services/consul/ca-key > ansible/files/consul-ca.key
pass services/consul/client-crt > ansible/files/consul-client.crt
pass services/consul/client-key > ansible/files/consul-client.key
echo "Saving secrets to: terraform.tfvars"
@echo -e "\
# secrets extracted from password-store\n\
cloudflare_token = \"$(shell pass cloud/Cloudflare/token)\"\n\
cloudflare_email = \"$(shell pass cloud/Cloudflare/email)\"\n\
cloudflare_account = \"$(shell pass cloud/Cloudflare/account)\"\n\
" > terraform.tfvars
cleanup:
rm -r $(PLUGIN_DIR)/$(ARCHIVE)

12
main.tf

@ -1,15 +1,3 @@
provider "cloudflare" {
email = var.cloudflare_email
api_key = var.cloudflare_token
account_id = var.cloudflare_account
}
provider "google" {
credentials = file("google-cloud.json")
project = "russia-servers"
region = "us-central1"
}
/* DATA -----------------------------------------*/
terraform {

11
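--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,11 @@
+provider "cloudflare" {
+email = data.pass_password.cloudflare_email.password
+api_key = data.pass_password.cloudflare_token.password
+account_id = data.pass_password.cloudflare_account.password
+}
+provider "google" {
+credentials = data.pass_password.google_cloud_cred_json.full
+project = "russia-servers"
+region = "us-central1"
+}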
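Review bot: The `credentials` line of the google provider reads `.full` while the three Cloudflare lines read `.password`, and nothing in the file says why; a reader is likely to "normalise" it to `.password` and hand the provider only the first line of the service-account JSON. As I read the camptocamp/pass data source, `password` is the first line of the entry and `full` is the entire entry, which is what a multi-line JSON blob needs. A comment on that line would pin the contract, e.g. `# .full = whole pass entry (multi-line service-account JSON); .password would return only its first line`.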

22
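--- /dev/null
+++ b/secrets.tf
@@ -0,0 +1,22 @@
+# Uses PASSWORD_STORE_DIR environment variable
+provider "pass" { refresh_store = false }
+/* Token for interacting with Cloudflare API. */
+data "pass_password" "cloudflare_token" {
+path = "cloud/Cloudflare/token"
+}
+/* Email address of Cloudflare account. */
+data "pass_password" "cloudflare_email" {
+path = "cloud/Cloudflare/email"
+}
+/* ID of CloudFlare Account. */
+data "pass_password" "cloudflare_account" {
+path = "cloud/Cloudflare/account"
+}
+/* Google Cloud API auth JSON */
+data "pass_password" "google_cloud_cred_json" {
+path = "cloud/GoogleCloud/json"
+}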
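Review bot: Every `pass_password` data source result here, including the whole Google service-account JSON read through `google_cloud_cred_json`, is persisted in clear text in the Terraform state once it is applied; provider arguments fed from variables, as the removed Makefile/terraform.tfvars path did, never landed in state, so this moves the secrets from a local tfvars file into wherever the state lives, and the commit says nothing about that. If the state is local it needs the same handling the old tfvars had (ignored by git, not shared); if it is a remote backend, that backend needs encryption and access control. A header comment would record the trade-off, e.g. `# NOTE: data source values end up in terraform.tfstate in clear text; treat the state file as a secret`. The `refresh_store = false` line is also worth a word next to the PASSWORD_STORE_DIR comment, since it means the store is read as-is and never pulled before a plan.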


@ -13,5 +13,9 @@ terraform {
source = "nbering/ansible"
version = " = 1.0.4"
}
pass = {
source = "camptocamp/pass"
version = " = 1.4.0"
}
}
}
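Review bot: The new `pass` entry pins an exact version, `version = " = 1.4.0"`, which matches the existing ansible entry and is the right shape for a provider that executes the local `pass` CLI with your secrets; what it does not pin is the provider's checksum, and none of the five changed files in this commit is a `.terraform.lock.hcl`. If the project runs Terraform 0.14 or later, committing the lock file after the first `terraform init` makes the registry download verifiable rather than only version-matched. The enclosing `terraform {` block starts before this hunk.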