Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/joatmon08/infrastructure-pipeline
An example pipeline for executing HashiCorp Terraform with ephemeral cloud provider credentials managed by HashiCorp Vault
hashicorp-terraform hashicorp-vault infrastructure-as-code secrets-management
- Host: GitHub
- URL: https://github.com/joatmon08/infrastructure-pipeline
- Owner: joatmon08
- Created: 2020-11-09T21:14:55.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-06-09T18:17:50.000Z (over 3 years ago)
- Last Synced: 2024-10-29T23:15:09.629Z (2 months ago)
- Topics: hashicorp-terraform, hashicorp-vault, infrastructure-as-code, secrets-management
- Language: HCL
- Homepage:
- Size: 700 KB
- Stars: 50
- Watchers: 5
- Forks: 20
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Security: securitygroup.tf
README
# An Example Infrastructure Pipeline
This example uses:
- Amazon Web Services
- GitHub Actions
- Terraform 0.14+
- Vault 1.5+
- HashiCorp Cloud Platform Vault (managed Vault offering)
- Terraform Cloud (for configuring Vault, uses `vault/` directory)

The infrastructure pipeline runs Terraform to create a PostgreSQL database
in AWS. It securely retrieves secrets from HashiCorp Vault.

![Diagram with HCP Vault, AWS, and peered connection](img/diagram.png)
## Usage
1. In your CLI, set the Vault address, token, and namespace.
   ```shell
   $ export VAULT_ADDR=
   $ export VAULT_TOKEN=
   $ export VAULT_NAMESPACE=
   ```
1. Get the Vault secret ID.
   ```shell
   $ make get-secret
   ```
1. Go to the GitHub repository's secrets.
1. Set the following repository secrets:
   1. `VAULT_ADDR`: address of Vault
   1. `VAULT_NAMESPACE`: `admin`
   1. `VAULT_ROLE_ID`: `infrastructure-pipeline`
   1. `VAULT_SECRET_ID`: the secret ID obtained from the CLI
1. Make changes to this repository to execute Terraform.
## Notes
1. The GitHub Actions workflow accesses Vault over the public internet. To access Vault
   over a private connection, you will want to deploy a self-hosted runner or GitHub
   Enterprise. Vault configures the PostgreSQL database over a private connection.
1. The demo uses HashiCorp Cloud Platform. You can substitute the Vault endpoint
   with your own Vault instance, as long as it can connect to AWS.

## Requirements