terraform-provider-infisical's Issues

Secret UPDATE not working

Execute the following terraform code

terraform apply --var INFISCAL_TOKEN=$(infisical service-token create --scope='dev:/SETUPTOOLS/**' --access-level=read --access-level=write -e 100 --token-only)

Following configuration

provider "infisical" {
  alias         = "infiscal"
  host          = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
  service_token = var.INFISCAL_TOKEN
}

terraform {
  required_providers {
    infisical = {
      # version = <latest version>
      source = "infisical/infisical"
    }

    htpasswd = {
      source = "loafoe/htpasswd"
    }
  }
}

resource "random_password" "password" {
  length = 30
}

resource "random_password" "salt" {
  length = 8
}

resource "htpasswd_password" "hash" {
  password = random_password.password.result
  salt     = random_password.salt.result
}


resource "infisical_secret" "twine_username" {
  provider    = infisical.infiscal
  name        = "TWINE_USERNAME"
  value       = "opti-pypi"
  env_slug    = "dev"
  folder_path = "/SETUPTOOLS/PYPI-SERVER"
}


resource "infisical_secret" "twine_password" {
  provider = infisical.infiscal

  name = "TWINE_PASSWORD"

  value       = random_password.password.result
  env_slug    = "dev"
  folder_path = "/SETUPTOOLS/PYPI-SERVER"
}



resource "infisical_secret" "twine_htpasswd" {
  provider = infisical.infiscal

  name  = ".htpasswd"
  value = "${infisical_secret.twine_username.value}:${htpasswd_password.hash.apr1}"

  env_slug    = "dev"
  folder_path = "/SETUPTOOLS/PYPI-SERVER"
}

It works on the 1st run without issues.
Now change value = "opti-pypi" to something like value = "opti"

Reapply with the same command, and I'm getting the following errors:

infisical_secret.twine_username: Modifying... [name=TWINE_USERNAME]
╷
│ Error: Error updating secret
│ 
│   with infisical_secret.twine_username,
│   on 30-infisical-pwd.tf line 15, in resource "infisical_secret" "twine_username":
│   15: resource "infisical_secret" "twine_username" {
│ 
│ Couldn't save encrypted secrets to Infiscial, unexpected error: CallUpdateSecretsV3: Unsuccessful response. Please make sure your secret path, workspace and
│ environment name are all correct [response={"type":"bad_request","message":"Missing encrypted
│ key","context":{},"level":30,"level_name":"INFO","status_code":400,"datetime_iso":"2024-01-21T14:45:54.890Z","application":"unknown","extra":[]}]
╵
failed to wait for command termination: exit status 1

Secret Referencing not working?

I've been trying to get secret referencing working using the Terraform provider.

I have a Service Token with the scopes set to /** which should be able to access all the secrets.

Next, I have two folders, A and B.
In the folder A I have a secret named FOO with a value of secret.
I reference this secret in folder B like ${dev.A.FOO}.

However, in terraform the output of the secret is not interpolated.

data "infisical_secrets" "test" {
  env_slug    = "dev"
  folder_path = "/B"  
}

output "foo" {
  value = data.infisical_secrets.test.secrets
}

Outputs:

foo = tomap({
  "ANOTHER_FOO" = {
    "comment" = ""
    "secret_type" = "shared"
    "value" = "${dev.A.FOO}"
  }
})

Using the CLI I can verify that it works:

infisical run --env=dev --path=/B -- env | grep foo
ANOTHER_FOO=secret

I simplified the example a bit, in my case folder B would be nested an additional level, but the secret referencing should work no matter the level of nesting 🤔

In the docs, it is stated that secret referencing is working in all the native integrations. Is the terraform provider a native integration?
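
A client-side check and expansion for the unresolved reference shown in this issue, as an added example that is not part of the original issue or the provider's code. It assumes the `${env.folder.KEY}` syntax from the post, that a bare `${KEY}` means the same environment and folder, and a hypothetical `STORE` map holding the other folders' secrets; all sample data is constructed.

```python
import re

# Constructed sample data: the map the data source returned in the issue, plus
# a hypothetical STORE standing in for the other folders' secrets.
PROVIDER_OUTPUT = {
    "ANOTHER_FOO": {"comment": "", "secret_type": "shared", "value": "${dev.A.FOO}"},
}
STORE = {("dev", "/A"): {"FOO": "secret"}}  # (env_slug, folder_path) -> {name: value}

REF = re.compile(r"\$\{([A-Za-z0-9_.\-]+)\}")
MAX_DEPTH = 10  # guard against reference cycles


def unresolved(secrets):
    """Return {secret_name: [reference, ...]} for values still holding ${...}."""
    hits = {}
    for name, attrs in secrets.items():
        refs = REF.findall(attrs["value"])
        if refs:
            hits[name] = refs
    return hits


def expand(value, env, folder, store, depth=0):
    """Expand references in value; raise rather than return a literal ${...}."""
    if depth > MAX_DEPTH:
        raise ValueError("reference chain too deep (possible cycle)")

    def substitute(match):
        parts = match.group(1).split(".")
        if len(parts) == 1:  # assumption: ${KEY} means same env and folder
            ref_env, ref_folder, key = env, folder, parts[0]
        else:                # ${env.folder[.subfolder...].KEY}, as in the issue
            ref_env, key = parts[0], parts[-1]
            ref_folder = "/" + "/".join(parts[1:-1])
        try:
            target = store[(ref_env, ref_folder)][key]
        except KeyError:
            raise KeyError(f"unresolvable reference {match.group(0)}") from None
        return expand(target, ref_env, ref_folder, store, depth + 1)

    return REF.sub(substitute, value)


if __name__ == "__main__":
    for name, refs in unresolved(PROVIDER_OUTPUT).items():
        raw = PROVIDER_OUTPUT[name]["value"]
        print(name, refs, "->", expand(raw, "dev", "/B", STORE))
```

Running `unresolved` over the data source's map before the values are used stops a literal `${...}` string from being deployed as if it were the secret.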

`terraform apply` fails when secret was created in previous run

Steps to reproduce

  • Define secret
  • Apply changes (everything is fine to this point)
  • Apply changes again (e.g. in a case where database creds are changed) and things will not be fine, as infisical cannot update secrets.

resource "infisical_secret" "DATABASE_URI" {
  name        = "DATABASE_URI"
  value       = "postgres://${neon_role.db_owner.name}:${neon_role.db_owner.password}@${neon_project.default.branch.endpoint.host}:5432"
  env_slug    = "dev"
  folder_path = "/"
  depends_on = [
    neon_project.default,
    neon_role.db_owner,
  ]
}

Expected behavior

  • Update secrets instead of strictly not-null checking

Error

 Error: Error creating secret
│ 
│   with infisical_secret.DATABASE_URI,
│   on main.tf line 86, in resource "infisical_secret" "DATABASE_URI":
│   86: resource "infisical_secret" "DATABASE_URI" {
│ 
│ Couldn't save encrypted secrets to Infiscial, unexpected error:
│ CallCreateSecretsV3: Unsuccessful response. Please make sure your secret
│ path, workspace and environment name are all correct
│ [response={"type":"bad_request","message":"Failed to create secret that
│ already
│ exists","context":{},"level":30,"level_name":"INFO","status_code":400,"datetime_iso":"2024-01-27T16:44:30.084Z","application":"unknown","extra":[]}]
╵
Operation failed: failed running terraform apply (exit 1)

Related: #31

Add infisical_secret_imports resource

Feature Description

Currently, only infisical_secrets resource exists. The goal of this feature would be to implement an infisical_secret_imports resource.

Why would it be useful?

To create a complete secrets' architecture from terraform.

Add infisical_folder resource

Feature Description

Currently, only infisical_secrets resource exists. If you try to create a secret in a folder that doesn't exist, an error will be thrown. The goal of this feature would be to implement an infisical_folder resource.

Why would it be useful?

To create a complete secrets' architecture from terraform
