Coder Social home page Coder Social logo

luminsports / terraform-provider-bless Goto Github PK

View Code? Open in Web Editor NEW

This project forked from chanzuckerberg/terraform-provider-bless

0.0 0.0 0.0 49.49 MB

Terraform provider to automate the creation of BLESS deployments

License: MIT License

Go 0.31% Python 98.64% C 0.35% CSS 0.55% TeX 0.01% JavaScript 0.13% Smarty 0.01%

terraform-provider-bless's Introduction

terraform-provider-bless

This is a fork of chanzuckerberg/bless, updated to provide a darwin/arm64 binary, and updates to the BLESS lambda to provide support for ED25519 CA private keys.

Terraform provider to automate the creation of BLESS deployments.

bless_ca

This provider generates a BLESS CA without leaking any sensitive material to the terraform state store. The private part of the key is encrypted with a password. This password is then encrypted through KMS so that it is compatible with BLESS.

Example usage

provider "bless" {
  region  = "us-east-1"
  profile = "<aws_profile>"
}

resource "bless_ca" "example" {
  kms_key_id = "<kms_key_id>"
}

# The encrypted CA private key
output "encrypted_ca" {
  value = "${bless_ca.example.encrypted_ca}"
}

# The CA public key
output "ca" {
  value = "${bless_ca.example.public_key}"
}

# The KMS encrypted CA password
output "password" {
  value = "${bless_ca.example.encrypted_password}"
}

This module only creates logical resources and therefore only contributes to terraform state. Does not create externally managed resources. In order to generate a new key then, you must taint the resource. Terraform will then generate a new key on the next run.

terraform taint bless.example

bless_lambda

This data source creates a zip with the lambda code. Generally used with a lambda resource

Example usage

provider "bless" {
  region  = "us-east-1"
  profile = "<aws_profile>"
}

resource "bless_ca" "example" {
  kms_key_id = "<kms_key_id>"
}

data "bless_lambda" "code" {
  encrypted_password = "${bless_ca.example.encrypted_password}"
  encrypted_ca = "${bless_ca.example}"
  service_name = "my-bless-example" # give this CA a name
  kmsauth_key_id = "<kmsauth_key_id>"
  output_path = "${path.module}/bless.zip"
}

resource "aws_lambda_function" "bless" {
  filename = "${path.module}/bless.zip"
  source_code_hash = "${data.bless_lambda.code.output_base64sha256}"
  ...
}

terraform-provider-bless's People

Contributors

ryzr avatar ryanking avatar mbarrien avatar dependabot-preview[bot] avatar dependabot[bot] avatar alexlokshin-czi avatar jacoblerner-czi avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.