Terraform with OnePassword

Why?

When you use a Terraform resource such as postgresql_role on AWS, the official documentation gives an example like this:

resource "postgresql_role" "my_role" {
  name     = "my_role"
  login    = true
  password = "mypass"
}

resource "postgresql_role" "my_replication_role" {
  name             = "replication_role"
  replication      = true
  login            = true
  connection_limit = 5
  password         = "md5c98cbfeb6a347a47eb8e96cfb4c4b890"
}

As you can see, the example contains password fields.

This means everyone who has access to the Terraform repository can see the passwords.

We can change these to Input Variables (which can be supplied as environment variables),

but environment variables are hard to keep in sync across all DevOps members.

So, to synchronize all configurations, we can consider OnePassword as an environment variable injector.

How?

There are two ways to use it:

  • Connect server

  • 1Password CLI

We will look into the 1Password CLI.

1Password CLI

Install the CLI:

$ brew install 1password-cli
$ op --version

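Don't know whether your company uses Service Accounts? You can check here. Don't have permission? Then type this on your DevOps colleague's computer:

$ echo $OP_SERVICE_ACCOUNT_TOKEN

A non-empty result means a service account token is configured. The output is the token itself, so keep it off shared screens and out of logs.

Set up the vault (key) list: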

$ op vault list

After you type this command, it will ask for:

  • sign-in address

  • email

  • secret key

  • password

and then ask you to run this command:

eval $(op signin)

After all this, check again:

$ op vault list
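
As an added example (not from the original page and not 1Password's or Terraform's own code), here is one way to use the signed-in CLI as the environment variable injector described above. It assumes the Terraform configuration declares a sensitive input variable named my_role_password and sets password = var.my_role_password; the vault name DevOps, the item name my_role and the file name terraform.env are constructed placeholders.

```shell
#!/bin/sh
# Added example. terraform.env (constructed) would contain one line per variable:
#   TF_VAR_my_role_password=op://DevOps/my_role/password
# Terraform reads TF_VAR_<name> from the environment as input variable <name>.

# Return 0 only if every entry in the env file is a TF_VAR_* variable whose
# value is an unquoted op://vault/item/field secret reference, so the file
# itself holds no plaintext secret.
env_file_is_reference_only() {
  file=$1
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      ''|'#'*) continue ;;          # skip blank lines and comments
    esac
    case $line in
      TF_VAR_*=op://?*/?*/?*) ;;    # a secret reference: accepted
      *)
        # Report only the variable name, never the offending value.
        echo "plaintext or malformed entry: ${line%%=*}" >&2
        bad=1
        ;;
    esac
  done < "$file"
  return "$bad"
}

# Refuse to run if the env file contains a literal value; otherwise let
# `op run` resolve the references and pass them to Terraform through the
# subprocess environment only.
terraform_with_op() {
  env_file=$1
  shift
  env_file_is_reference_only "$env_file" || return 1
  op run --env-file="$env_file" -- terraform "$@"
}
```

Call it as terraform_with_op terraform.env plan; an env file that contains only op:// references can be committed next to the .tf files. The resolved password is still written to the Terraform state, so access to the state backend needs the same restriction as the vault.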
