2
votes

I am using Terraform to provision servers in a private OpenStack cloud. Running Terraform requires that the Terraform script can access my username and password for my OpenStack cloud. So I would like to store this info in a secret file and encrypt it (something along the lines of Ansible Vault). However, the only examples I have found for using HashiCorp Vault with Terraform have been for AWS. So how would I create a Terraform script that can read a Vault value containing two variables to use them for provisioning OpenStack instances?

For reference here is how I mounted my vault secret backend:

vault mount generic

Here is what my secret would look like (if I didn't write it into a JSON file):

vault write generic/logins usernames=myUserName psswrds=myPassword

1
What's wrong with what you linked? It seems to pull in any form of secrets from the backend. In fact the example in the README has it pull in both AWS creds and also an SSL cert and key. - ydaetskcoR

1 Answer

2
votes

Terraform 0.8 will have a Vault provider.

data "vault_generic_secret" "login" {
  path = "generic/logins"
}

provider "something" {
  user = "${data.vault_generic_secret.login.data["username"]}"
  pass = "${data.vault_generic_secret.login.data["password"]}"
}
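
Applied to the OpenStack case in the question, as an added example that is not part of the original answer: the key names `usernames` and `psswrds` match the `vault write` command in the question. It assumes the Vault address and token come from the `VAULT_ADDR` and `VAULT_TOKEN` environment variables; the `auth_url`, tenant, image and flavor values are placeholders.

```hcl
# Added example, not the answer author's code.

# No address or token here: the Vault provider reads VAULT_ADDR and
# VAULT_TOKEN from the environment, so nothing sensitive lives in this file.
provider "vault" {}

# Reads the secret written in the question with:
#   vault write generic/logins usernames=myUserName psswrds=myPassword
data "vault_generic_secret" "login" {
  path = "generic/logins"
}

provider "openstack" {
  auth_url    = "https://keystone.example.internal:5000/v2.0" # placeholder
  tenant_name = "example-tenant"                              # placeholder

  # Keys must match the field names stored in Vault.
  user_name = "${data.vault_generic_secret.login.data["usernames"]}"
  password  = "${data.vault_generic_secret.login.data["psswrds"]}"
}

resource "openstack_compute_instance_v2" "example" {
  name        = "example-instance" # placeholder
  image_name  = "example-image"    # placeholder
  flavor_name = "example-flavor"   # placeholder
}

# Caveat: everything read through a data source, including these two
# values, is written in plaintext to the Terraform state and plan files.
# Keep state in an access-controlled, encrypted backend and keep
# terraform.tfstate out of version control.
```

Running Terraform with a short-lived Vault token whose policy only allows reading `generic/logins` limits what a leaked token or state file exposes.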