Home

Awesome

<hr/> <p align="center"> <sub><img src="https://1password.com/img/logo-v1.svg" alt="1Password" width="20" /></sub> <b>SecretHub has joined 1Password!</b> Find out more on the <a href="https://secrethub.io/blog/secrethub-joins-1password/">SecretHub blog</a>. 🎉 </p> <hr/> <p align="center"> <img src="https://secrethub.io/img/integrations/terraform/github-banner.png?v2" alt="Terraform + SecretHub" width="390"> </p> <br/> <p align="center"> <a href="https://secrethub.io/blog/secret-management-for-terraform/"><img alt="Read blog post" src="https://secrethub.io/img/buttons/github/read-blog-post.png?v1" height="28" /></a> <a href="https://secrethub.io/docs/guides/terraform/"><img alt="View docs" src="https://secrethub.io/img/buttons/github/view-docs.png?v2" height="28" /></a> </p> <br/>

Terraform Provider

SecretHub is a secrets management tool that works for every engineer. Securely provision passwords and keys throughout your entire stack with just a few lines of code.

The SecretHub Terraform Provider lets you manage your secrets using Terraform. It is officially supported and actively maintained by SecretHub, but community contributions are very welcome.

Usage

Terraform v0.13

terraform {
  required_providers {
    secrethub = {
      source = "secrethub/secrethub"
      version = ">= 1.2.0"
    }
  }
}

resource "secrethub_secret" "db_password" {
  path = "my-org/my-repo/db/password"

  generate {
    length   = 22
    charsets = ["alphanumeric"]
  }
}

resource "secrethub_secret" "db_username" {
  path  = "my-org/my-repo/db/username"
  value = "db-user"
}

resource "aws_db_instance" "default" {
  allocated_storage    = 10
  storage_type         = "gp2"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t2.micro"
  name                 = "mydb"
  username             = secrethub_secret.db_username.value
  password             = secrethub_secret.db_password.value
  parameter_group_name = "default.mysql5.7"
}

Have a look at the reference docs for more information on the supported resources and data sources.

Terraform v0.12 and below

Manually install the secrethub provider by downloading the binary for your platform and moving it to ~/.terraform/plugins or %APPDATA%\terraform.d\plugins on Windows.

Afterwards you can run the following example with Terraform.

provider "secrethub" {}

resource "secrethub_secret" "db_password" {
  path = "my-org/my-repo/db/password"

  generate {
    length   = 22
    charsets = ["alphanumeric"]
  }
}

resource "secrethub_secret" "db_username" {
  path  = "my-org/my-repo/db/username"
  value = "db-user"
}

resource "aws_db_instance" "default" {
  allocated_storage    = 10
  storage_type         = "gp2"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t2.micro"
  name                 = "mydb"
  username             = secrethub_secret.db_username.value
  password             = secrethub_secret.db_password.value
  parameter_group_name = "default.mysql5.7"
}

Have a look at the reference docs for more information on the supported resources and data sources.

Get Started

Check out the step-by-step integration guide to get started.

A detailed use case is described in the original announcement. There are also some examples in this repo.

Support

If you need help, send us a message on the #terraform channel on <img src="https://discordapp.com/assets/2c21aeda16de354ba5334551a883b481.png" alt="Discord" width="20px"> Discord or send an email to terraform@secrethub.io

Development

Building

Get the source code:

git clone https://github.com/secrethub/terraform-provider-secrethub

Build it using:

make build

Testing

To run the acceptance tests, the following environment variables need to be set up.

Only for the AWS acceptance tests:

Only for the GCP acceptance tests:

With the environment variables properly set up, run:

make testacc