That said, so as not to leave you entirely hanging, if you do go with environment variables, the most common solution for storing and managing secrets is to use a password manager such as: So in a sense, this technique just kicks the can down the road, whereas the other techniques described later in this blog post are more prescriptive. This technique helps you avoid storing secrets in plain text in your code, but it leaves the question of how to actually securely store and manage the secrets unanswered. Use this when setting environment variables with secrets to avoid having those secrets stored on disk.) (Pro tip: if you have the HISTCONTROL environment variable set correctly in a Bash terminal, then any command with a leading space will not be stored in Bash history. For example, here’s how you could set username and password via environment on Linux, Unix, or Mac, and run terraform apply to deploy the database: # Set secrets via environment variables export TF_VAR_username=(the username) export TF_VAR_password=(the password) # When you run Terraform, it'll pick up the secrets automatically terraform apply You can now pass in a value for each variable foo by setting an environment variable called TF_VAR_foo. For example, here’s a snippet of Terraform code that can be used to deploy MySQL using Amazon RDS: resource "aws_db_instance" "example" One of the most common questions we get about using Terraform to manage infrastructure as code is how to handle secrets such as passwords, API keys, and other sensitive data.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |