infisical / terraform-provider-infisical
The official Infisical Terraform provider
License: Mozilla Public License 2.0
Execute the following Terraform command:

    terraform apply --var INFISCAL_TOKEN=$(infisical service-token create --scope='dev:/SETUPTOOLS/**' --access-level=read --access-level=write -e 100 --token-only)

with the following configuration:
    # Declared so the token can be passed with -var INFISCAL_TOKEN=... (the
    # original post used var.INFISCAL_TOKEN without declaring it)
    variable "INFISCAL_TOKEN" {
      type      = string
      sensitive = true
    }

    provider "infisical" {
      alias         = "infiscal"
      host          = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
      service_token = var.INFISCAL_TOKEN
    }

    terraform {
      required_providers {
        infisical = {
          # version = <latest version>
          source = "infisical/infisical"
        }
        htpasswd = {
          source = "loafoe/htpasswd"
        }
      }
    } # closing brace of the terraform block was missing in the original post

    resource "random_password" "password" {
      length = 30
    }

    resource "random_password" "salt" {
      length = 8
    }

    resource "htpasswd_password" "hash" {
      password = random_password.password.result
      salt     = random_password.salt.result
    }

    resource "infisical_secret" "twine_username" {
      provider    = infisical.infiscal
      name        = "TWINE_USERNAME"
      value       = "opti-pypi"
      env_slug    = "dev"
      folder_path = "/SETUPTOOLS/PYPI-SERVER"
    }

    resource "infisical_secret" "twine_password" {
      provider    = infisical.infiscal
      name        = "TWINE_PASSWORD"
      value       = random_password.password.result
      env_slug    = "dev"
      folder_path = "/SETUPTOOLS/PYPI-SERVER"
    }

    resource "infisical_secret" "twine_htpasswd" {
      provider    = infisical.infiscal
      name        = ".htpasswd"
      value       = "${infisical_secret.twine_username.value}:${htpasswd_password.hash.apr1}"
      env_slug    = "dev"
      folder_path = "/SETUPTOOLS/PYPI-SERVER"
    }
It works on the first run without issues.
Now change value = "opti-pypi" to something like value = "opti".
Reapply with the same command, and I'm getting the following errors:
infisical_secret.twine_username: Modifying... [name=TWINE_USERNAME]
╷
│ Error: Error updating secret
│
│ with infisical_secret.twine_username,
│ on 30-infisical-pwd.tf line 15, in resource "infisical_secret" "twine_username":
│ 15: resource "infisical_secret" "twine_username" {
│
│ Couldn't save encrypted secrets to Infiscial, unexpected error: CallUpdateSecretsV3: Unsuccessful response. Please make sure your secret path, workspace and
│ environment name are all correct [response={"type":"bad_request","message":"Missing encrypted
│ key","context":{},"level":30,"level_name":"INFO","status_code":400,"datetime_iso":"2024-01-21T14:45:54.890Z","application":"unknown","extra":[]}]
╵
failed to wait for command termination: exit status 1
I've been trying to get secret referencing working using the Terraform provider.
I have a Service Token with the scopes set to /**, which should be able to access all the secrets.
Next, I have two folders, A and B. In the folder A I have a secret named FOO with a value of secret.
I reference this secret in folder B like ${dev.A.FOO}.
However, in Terraform the output of the secret is not interpolated.
    data "infisical_secrets" "test" {
      env_slug    = "dev"
      folder_path = "/B"
    }

    output "foo" {
      value = data.infisical_secrets.test.secrets
    }
Outputs:
foo = tomap({
"ANOTHER_FOO" = {
"comment" = ""
"secret_type" = "shared"
"value" = "${dev.A.FOO}"
}
})
Using the CLI I can verify that it works:
infisical run --env=dev --path=/B -- env | grep foo
ANOTHER_FOO=secret
I simplified the example a bit; in my case folder B would be nested an additional level, but the secret referencing should work no matter the level of nesting 🤔
In the docs, it is stated that secret referencing is working in all the native integrations. Is the terraform provider a native integration?
    resource "infisical_secret" "DATABASE_URI" {
      name        = "DATABASE_URI"
      value       = "postgres://${neon_role.db_owner.name}:${neon_role.db_owner.password}@${neon_project.default.branch.endpoint.host}:5432"
      env_slug    = "dev"
      folder_path = "/"
      depends_on = [
        neon_project.default,
        neon_role.db_owner,
      ]
    }
Error: Error creating secret
│
│ with infisical_secret.DATABASE_URI,
│ on main.tf line 86, in resource "infisical_secret" "DATABASE_URI":
│ 86: resource "infisical_secret" "DATABASE_URI" {
│
│ Couldn't save encrypted secrets to Infiscial, unexpected error:
│ CallCreateSecretsV3: Unsuccessful response. Please make sure your secret
│ path, workspace and environment name are all correct
│ [response={"type":"bad_request","message":"Failed to create secret that
│ already
│ exists","context":{},"level":30,"level_name":"INFO","status_code":400,"datetime_iso":"2024-01-27T16:44:30.084Z","application":"unknown","extra":[]}]
╵
Operation failed: failed running terraform apply (exit 1)
Related: #31
Currently, only the infisical_secrets resource exists. The goal of this feature would be to implement an infisical_secret_imports resource, to create a complete secrets architecture from Terraform.
Currently, only the infisical_secrets resource exists. If you try to create a secret in a folder that doesn't exist, an error will be thrown. The goal of this feature would be to implement an infisical_folder resource, to create a complete secrets architecture from Terraform.