Skip to content

mecodia/terraform-provider-pass

 
 

Repository files navigation

Pass Terraform Provider

Terraform Registry Version Go Report Card By mecodia

This provider adds integration between Terraform, Pass and Gopass password stores.

It was forked from camptocamp/terraform-provider-pass.

Pass is a password store using gpg to encrypt password and git to version. Gopass is a rewrite of the pass password manager in Go with the aim of making it cross-platform and adding additional features.

Requirements

Building The Provider

Download the provider source code

$ go get github.com/mecodia/terraform-provider-pass

Enter the provider directory and build the provider

$ cd $GOPATH/src/github.com/mecodia/terraform-provider-pass
$ dep ensure
$ make build

Installing the provider

With Terraform 0.14 you'll load it straight from the registry.

For development and testing purposes you can do this (adjust for your os/arch):

mkdir -p $(HOME)/.terraform.d/plugins/local/mecodia/pass/3.0/darwin_arm64/
cp ./bin/$(BINARY)_*_darwin_arm64 $(HOME)/.terraform.d/plugins/local/mecodia/pass/3.0/darwin_arm64/$(BINARY)

And you can then reverence it as local/mecodia/pass in your providers block.

Example

terraform {
   required_providers {
     pass = {
       source = "mecodia/pass"
     }
   }
 }

resource "pass_password" "test" {
  path = "secret/foo"
  password = "0123456789"
  data = {
    zip = "zap"
  }
}

data "pass_password" "test" {
  path = "${pass_password.test.path}"
}

Usage

The pass provider

Argument Reference

The provider takes no arguments.

The pass_password resource

Argument Reference

The resource takes the following arguments:

  • path - Full path from which a password will be read
  • password - Secret password
  • data - (Optional) Additional secret data (keys and values, not nested)
  • yaml - (Optional) YAML document, can't be set together with data

Attribute Reference

The following attributes are exported:

  • path - Full path from which the password was read
  • password - Secret password
  • data - Additional secret data
  • body - Raw secret data, only filled if not stored as YAML
  • full - Entire raw secret contents

The pass_password data source

Argument Reference

The data source takes the following arguments:

  • path - Full path from which a password will be read

Attribute Reference

The following attributes are exported:

  • path - Full path from which the password was read
  • password - Secret password
  • data - Additional secret data
  • body - Raw secret data, only filled if not stored as YAML
  • full - Entire raw secret contents

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (version 1.17+ is required). You'll also need to correctly set up a GOPATH, as well as adding $GOPATH/bin to your $PATH.

To compile the provider, run make build. This will build the provider and put the provider binary in the $GOPATH/bin directory.

$ make bin
...
$ $GOPATH/bin/terraform-provider-$PROVIDER_NAME
...

In order to test the provider, you can simply run make test.

$ make test

In order to run the full suite of Acceptance tests, run make testacc.

Note: Acceptance tests create real resources, and often cost money to run.

$ make testacc

Publishing the provider

Github release

summon goreleaser release --rm-dist