Tuesday, February 21, 2023

SENSITIVE IN TERRAFORM

In an environment where you deploy Terraform remotely through CI/CD (for example, with Jenkins), a value such as a database password must not end up exposed in your central repository or in the pipeline's output. Terraform has a built-in argument that prevents your credentials from being printed in its output. That argument is called "sensitive".

Inside "variable.tf" we set sensitive = true on the variable, and Terraform picks it up automatically. Sensitive does NOT hide the secret in the STATE FILE, but at least it redacts the value from the plan and apply output that Terraform generates (the run history a CI/CD job would log).
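Because the state file still holds the secret in clear text, a useful check is to audit the state for sensitive-marked or secret-looking attributes before it is shared or stored. The script below is an added example, not part of the original post; the state document it scans is a constructed sample modelled on Terraform's v4 state layout (resources, instances, attributes and sensitive_attributes), with the values made up.

```python
import json

# Constructed sample of a Terraform v4 state file, modelled on what the
# mysql-db example would write after `terraform apply`. Values are made up.
# Note the password is stored in clear text even though the variable that
# fed it was declared `sensitive = true`.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "terraform_version": "1.3.4",
    "resources": [{
        "mode": "managed",
        "type": "aws_db_instance",
        "name": "dev-mysqldb",
        "instances": [{
            "attributes": {
                "db_name": "devdb",
                "engine": "mysql",
                "username": "admin",
                "password": "adminpassword",
                "skip_final_snapshot": True,
            },
            # Terraform records which attribute paths were sensitive-marked.
            "sensitive_attributes": [[{"type": "get_attr", "value": "password"}]],
        }],
    }],
})


def find_plaintext_secrets(state_text, extra_keys=("password", "secret", "token")):
    """Return [(resource address, attribute name, value length)] for every
    string attribute that is either marked sensitive in the state or whose
    name looks secret-bearing, and that is present in clear text.
    Only the length is returned so the report itself does not leak the value."""
    state = json.loads(state_text)
    findings = []
    for res in state.get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            marked = {path[0]["value"] for path in inst.get("sensitive_attributes", [])
                      if path and path[0].get("type") == "get_attr"}
            for key, value in inst.get("attributes", {}).items():
                if not isinstance(value, str) or value == "":
                    continue
                if key in marked or any(k in key.lower() for k in extra_keys):
                    findings.append((address, key, len(value)))
    return findings


if __name__ == "__main__":
    for address, key, length in find_plaintext_secrets(SAMPLE_STATE):
        print(f"{address}: attribute '{key}' stored in clear text ({length} chars)")
```

Run it against a real state with `find_plaintext_secrets(open("terraform.tfstate").read())`; any finding means the state must be kept in an access-controlled, encrypted backend rather than in the repository.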


Hands-on:
Let's provision a few resources, marking the sensitive values, while deploying our mysql-db.


STEP 1:
Create a folder, for example called "sensitive".

STEP 2:
Within the folder, create a file called "db.auto.tfvars" in which we specify the username and password (along with the other DB settings).

# NB: this file holds the plaintext password; keep it out of version control.
Dev_allocated_storage   = 10
Dev-db_name             = "devdb"
Dev-db_engine           = "mysql"
Dev-db_engine_version   = "5.7"
Dev-db_instance_class   = "db.t3.micro"
Dev-db_username         = "admin"
Dev-db_password         = "adminpassword"
Dev-dbskip_final_snapshot = true

STEP 3:
Within the folder, create a file called "mysql-db.tf". At this level we turn the username, password and engine version into variables and consume them from var.

resource "aws_db_instance" "dev-mysqldb" {
  allocated_storage   = var.Dev_allocated_storage
  db_name             = var.Dev-db_name
  engine              = var.Dev-db_engine
  engine_version      = var.Dev-db_engine_version
  instance_class      = var.Dev-db_instance_class
  username            = var.Dev-db_username
  password            = var.Dev-db_password
  skip_final_snapshot = var.Dev-dbskip_final_snapshot
}

STEP 4:
Create another file called "provider.tf".

terraform {
  required_version = "1.3.4"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.39.0"
    }
  }
}

provider "aws" {
  region  = "us-east-1"
  profile = "default"
}


STEP 5:
Create a "variable.tf" file and declare each variable there, setting sensitive = true on the ones whose values must not appear in Terraform's output.

variable "Dev_allocated_storage" {
  type = number
}
# DB_name
variable "Dev-db_name" {
  type = string
}
# DB_engine
variable "Dev-db_engine" {
  type      = string
  sensitive = true
}
variable "Dev-db_engine_version" {
  type      = string
  sensitive = true
}
variable "Dev-db_instance_class" {
  type = string
}
# DB credentials: marked sensitive so plan/apply output redacts them
variable "Dev-db_username" {
  type      = string
  sensitive = true
}
variable "Dev-db_password" {
  type      = string
  sensitive = true
}
# skip_final_snapshot is a boolean, so declare it as bool rather than string
variable "Dev-dbskip_final_snapshot" {
  type = bool
}


STEP 6:
"cd" into the path, i.e. the folder you created.

STEP 7:
Run the Terraform commands in order:
- terraform init
- terraform validate
- terraform plan
- terraform apply
- terraform destroy

Notice that in the plan and apply output the values marked sensitive appear as (sensitive value) instead of in clear text.

STEP 8:
Congratulations, you have successfully used Terraform's sensitive argument to deploy the mysql-db. In the next slide we will discuss modules.

NB: If you successfully deployed this hands-on, kindly leave a comment and feedback. 😊

Reference: Terraform documentation link:



