From 2b4e796e78ef290856c9414fe6fff424fca926c3 Mon Sep 17 00:00:00 2001 From: Jeremy Dormitzer Date: Fri, 4 Dec 2020 09:23:36 -0500 Subject: [PATCH] Pull DO tokens from pass --- README.md | 9 +-------- tf-init.sh | 14 +++++++------- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 5dab4ad..9ea2b7a 100644 --- a/README.md +++ b/README.md @@ -3,14 +3,7 @@ This repository contains the configuration files and scripts to support the infrastructure I use for personal projects. ## Terraform environment variables and config -Terraform state is stored in a DigitalOcean Spaces bucket. In order to access the bucket, the Terraform backend configuration needs the `access_key` and `secret_key` variables set. These variables are the DigitalOcean Spaces access key and secret key, respectively, which are generated from the DigitalOcean Spaces UI. I'm passing them to Terraform via the `-backend-config` `terraform init` option. I create a file `backend-config.tf` in the root directory containing the necessary variables: - -```terraform -access_key = "xxxxxxxxxxxxxxxxxxxx" -secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -``` - -Then run `terraform init -backend-config=backend-config.tf` when I need to run any Terraform commands. This operation is encapsulated in the `tf-init.sh` script. +Terraform state is stored in a DigitalOcean Spaces bucket. In order to access the bucket, the Terraform backend configuration needs the `access_key` and `secret_key` variables set. These variables are the DigitalOcean Spaces access key and secret key, respectively, which are generated from the DigitalOcean Spaces UI. I'm passing them to Terraform via the `-backend-config` `terraform init` option and pulling their values from my password manager. This operation is encapsulated in the `tf-init.sh` script. The Terraform scripts also require some environment variables set: diff --git a/tf-init.sh b/tf-init.sh index 10282c9..3d52534 100755 
--- a/tf-init.sh +++ b/tf-init.sh @@ -1,10 +1,10 @@ #!/usr/bin/env bash -BACKEND_FILE="$(dirname $0)/backend-config.tf" +set -e -if [ -f "$BACKEND_FILE" ]; then - terraform init -backend-config="$BACKEND_FILE" -else - echo "Could not find $BACKEND_FILE" - exit 1 -fi +SPACES_ACCESS_ID=$(pass jdormit-infra-spaces-access-id) +SPACES_SECRET_KEY=$(pass jdormit-infra-spaces-secret-key) + +terraform init \ + -backend-config="access_key=$SPACES_ACCESS_ID" \ + -backend-config="secret_key=$SPACES_SECRET_KEY"
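Review bot: In the README.md hunk, the new sentence says the values come "from my password manager" but names neither `pass` nor the two entries that `tf-init.sh` reads (`jdormit-infra-spaces-access-id` and `jdormit-infra-spaces-secret-key`), so the setup step that replaces `backend-config.tf` is undocumented. Suggest naming the tool and the expected entries here. It is also worth noting that a `backend-config.tf` left over from the old workflow still holds the Spaces keys in plain text and should be deleted.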
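Review bot: In the tf-init.sh hunk, `-backend-config="secret_key=$SPACES_SECRET_KEY"` places the secret on the `terraform` command line, where other local processes can read it from the process list while init runs. Terraform also records `-backend-config` values under the `.terraform` directory, so the key still ends up on disk in plain text after this change. If the backend is `s3` (an assumption, since the backend block is not part of this diff), consider exporting the values as `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` before `terraform init`, since that backend reads credentials from the environment. Separately, `pass` prints the whole entry, so a multi-line entry would put newlines into the value; taking only the first line of each `pass` output would guard against that.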