Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/volvo-cars/terraform-vault-backend
Use Hashi Vault as a terraform HTTP backend
https://github.com/volvo-cars/terraform-vault-backend
Last synced: 14 days ago
JSON representation
Use Hashi Vault as a terraform HTTP backend
- Host: GitHub
- URL: https://github.com/volvo-cars/terraform-vault-backend
- Owner: volvo-cars
- License: apache-2.0
- Created: 2024-08-02T08:44:58.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-11-22T14:26:25.000Z (about 1 month ago)
- Last Synced: 2024-11-22T15:30:40.103Z (about 1 month ago)
- Language: Python
- Size: 5.47 MB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# terraform-vault-backend
A Vault backend for Terraform implemented as an HTTP server.
Built using [FastAPI](https://fastapi.tiangolo.com/).
## Installation
Install using [Poetry](https://python-poetry.org/):
```sh
poetry install
```## Usage
### 1. Running the server
#### Running it directly
```sh
poetry run python -m src
```
#### Using a poetry shell
```sh
poetry shell
python -m src
```
This will run the backend with Vault defaults.
Please refer to `python -m src --help` for configuration options.### 2. Configuring Terraform backend
Example configuration, assuming of the backend to be
hosted at `https://example.com`:```hcl
terraform {
backend "http" {
address = "https://example.com/v1/state/"
lock_address = "https://example.com/v1/lock/"
unlock_address = "https://example.com/v1/lock/"
lock_method = "POST"
unlock_method = "DELETE"
}
}
````` is the path to use within the configured mountpoint.
**NOTE:**
For local testing or an otherwise non-TLS setup, you might need to use `skip_cert_verification = true`.Refer to the [Terraform documentation](https://developer.hashicorp.com/terraform/language/settings/backends/http)
for additional options.### 3. Running Terraform
To authenticate to the Vault backend, you need to send your `VAULT_TOKEN` with your
Terraform invocations. How do we do this? By passing it through HTTP Basic Auth:```shell
$ export TF_HTTP_USERNAME="${VAULT_TOKEN:?}"
$ terraform apply
```More info on Vault authentication can be found at [Vault's official documentation](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-authentication).