wishiwasabigdataguy

Reputation: 147

How to securely build a key vault with secrets with Terraform

Stack: git, Azure DevOps, Terraform, Azure

I want to create and populate an Azure Key Vault using Terraform + Azure DevOps.

My question is this: how do I build this key vault in Terraform without storing the secrets to populate it with in plain text?

If I encrypt a file containing the secrets and check that into source control to be decrypted/used by Terraform when populating the key vault I want to create, I'd have to manually create and store a key in a separate Azure Key Vault that I'd have to manually create. This seems like it would be an anti-pattern if trying to keep all infrastructure as code, so I'm looking for a better way.

Upvotes: 1

Views: 791

Answers (1)

Marcin

Reputation: 239000

You have to do it outside of TF. So either you do it manually, or use local-exec to run some CLI or script to create the secret values which are not going to end up in the state file.

Upvotes: 2
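
One way to follow the local-exec route from the answer above, added here as an example and not part of the original thread: a script that generates the value itself and writes it to Key Vault with the Azure CLI, so the value is never a Terraform attribute. The script name `seed_secret.sh`, the resource name `azurerm_key_vault.kv` and the secret name `db-password` are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread). Intended to be called from a
# Terraform local-exec provisioner, e.g. (resource names are hypothetical):
#   provisioner "local-exec" {
#     command = "./seed_secret.sh ${azurerm_key_vault.kv.name} db-password"
#   }
# Only the vault and secret *names* pass through Terraform; the value is
# generated here and is never a Terraform attribute.

# 32 random bytes rendered as 64 hex characters.
gen_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# seed_secret VAULT NAME: create the secret only if it does not exist yet,
# so re-running the pipeline does not rotate it.
seed_secret() {
  local vault="$1" name="$2" tmp rc=0
  if az keyvault secret show --vault-name "$vault" --name "$name" \
       --query id -o tsv >/dev/null 2>&1; then
    echo "secret $name already present, leaving it unchanged"
    return 0
  fi
  # Temp file readable only by the current user.
  tmp="$(umask 077 && mktemp)" || return 1
  gen_secret > "$tmp"
  # --file keeps the value off the command line (and out of process listings);
  # output is discarded because the CLI echoes the secret value in its JSON.
  az keyvault secret set --vault-name "$vault" --name "$name" \
     --file "$tmp" --encoding utf-8 >/dev/null || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Run only when called as: seed_secret.sh VAULT NAME
if [ "$#" -eq 2 ]; then
  seed_secret "$1" "$2"
fi
```

The pipeline identity running `az` needs permission to get and set secrets on the vault, granted before the provisioner runs.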
