Mike

Reputation: 4269

Providing Terraform with credentials in terraform files instead of env variable

I have set up a terraform project with a remote back-end on GCP. Now when I want to deploy the infrastructure, I run into issues with credentials. I have a credentials file in

\home\mike\.config\gcloud\credentials.json

In my terraform project I have the following data referring to the remote state:

data "terraform_remote_state" "project_id" {
   backend   = "gcs"
   workspace = "${terraform.workspace}"

   config {
     bucket = "${var.bucket_name}"
     prefix = "${var.prefix_project}"
   }
}

and I specify the cloud provider with the details of my credentials file.

provider "google" {
  version     = "~> 1.16"
  project     = "${data.terraform_remote_state.project_id.project_id}"
  region      = "${var.region}"
  credentials = "${file(var.credentials)}"
}

However, this runs into

data.terraform_remote_state.project_id: data.terraform_remote_state.project_id: 
error initializing backend:
storage.NewClient() failed: dialing: google: could not find default 
credentials. 

If I add

export GOOGLE_APPLICATION_CREDENTIALS=/home/mike/.config/gcloud/credentials.json

I do get it to run as desired. My issue is that I would like to specify the credentials in the terraform files, as I am running the terraform commands in an automated way from a Python script where I cannot set the environment variables. How can I let terraform know where the credentials are without setting the env variable?

Upvotes: 14

Views: 14939

Answers (3)

T. Al Rashid

Reputation: 923

Provide the service account credentials:

terraform {

  backend "gcs" {
    credentials = "myserviceaccount-credentials-file.json"
    bucket = "my-project-global-bucket"
    prefix = "terraform/state"
  }

}

Upvotes: 2

Vishwas M.R

Reputation: 1679

I was facing the same error when trying to run terraform (version 1.1.5) commands in spite of having successfully authenticated via gcloud auth login.

Error message in my case:

Error: storage.NewClient() failed: dialing: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

It turned out that I had to also authenticate via gcloud auth application-default login and was able to run terraform commands thereafter.

Upvotes: 22

Mike

Reputation: 4269

I figured this out in the end.

Also the data needs to have the credentials.

E.g.

data "terraform_remote_state" "project_id" {
  backend   = "gcs"
  workspace = "${terraform.workspace}"

  config = {
    bucket = "${var.bucket_name}"
    prefix = "${var.prefix_project}"
    credentials = "${var.credentials}"  # added
  }
}

Upvotes: 7
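
Added example, not part of any answer above: when terraform is launched from a Python script, the credential path can be handed to the terraform child process alone through `subprocess.run(env=...)`, so it stays out of the .tf files and out of the script's own environment. The helper names (`check_key_file`, `terraform_env`, `run_terraform`) are hypothetical, the accepted credential types are an assumption, and `terraform` is assumed to be on PATH.

```python
import json
import os
import stat
import subprocess
import tempfile

# Assumption: the two credential kinds this page deals with (a service account
# key, and the file written by `gcloud auth application-default login`).
ALLOWED_TYPES = {"service_account", "authorized_user"}


def check_key_file(path):
    """Return the absolute path if the file is owner-only and looks like a Google credential."""
    path = os.path.abspath(os.path.expanduser(path))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:o}; restrict it to 600")
    with open(path) as fh:
        if json.load(fh).get("type") not in ALLOWED_TYPES:
            raise ValueError(f"{path} is not a recognised credential file")
    return path


def terraform_env(key_path, base_env=None):
    """Build the child's environment; the calling process's os.environ is not modified."""
    env = dict(os.environ if base_env is None else base_env)
    env["GOOGLE_APPLICATION_CREDENTIALS"] = check_key_file(key_path)
    return env


def run_terraform(args, key_path, cwd="."):
    """Run `terraform <args>` with the credential path visible only to that child process."""
    return subprocess.run(["terraform", *args], cwd=cwd,
                          env=terraform_env(key_path), check=True)


if __name__ == "__main__":
    # Constructed sample: a placeholder key file, not a real credential.
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "credentials.json")
        with open(key, "w") as fh:
            json.dump({"type": "service_account", "project_id": "example"}, fh)
        os.chmod(key, 0o600)
        print(terraform_env(key, base_env={})["GOOGLE_APPLICATION_CREDENTIALS"])
```
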
