Terraform - Use Gitlab provider to save secrets

1
votes

According to the documentation, there is already a Gitlab provider in Terraform. However, I can't find a way to create/update secrets in a project. Is that possible? Is there a related upcoming feature?

This would really help us in our work, as many output variables of terraform are required to configure other CI deployments we have.

We are using AWS, and some output variables like IAM credentials or subnet IDs cannot be assumed or deduced easily and at the moment we are struggling to find a way to forward them to our other tools.

Being able to do something like:

provider "gitlab" {
    token = "${var.gitlab_token}"
    url   = "${var.gitlab_url}"
}

# Add a project secret
resource "gitlab_project_secret" "my_project_secret" {
    project_name = "my_project"
    secret_key   = "${env}_AWS_SECRET_ACCESS_KEY"
    secret_value = ""${module.my_iam_user_module.secret_access_key}"
}

Would save us a lot of pain.

1
gitlabterraform

1 Answers

0
votes

It can't be done just yet although there is an open issue for it with a comment saying that someone was planning to start working on it a few months ago.

The Gitlab provider uses the upstream xanzy/go-gitlab project which does have support for project variables so it shouldn't be too much work to add it. If you are at all comfortable writing Go and/or have contributed to a Terraform provider before then it might be worth picking it up yourself considering the lack of updates on that issue.