How to Deploy IAC with your secrets in Terraform Vault – 100 days of Cloud: Day 23

DAY 23 – Deploying IAC with your secrets in Terraform Vault – Day Twenty three

100 days of Cloud on GitHub – Read On iCTPro.co.nz – Read on Dev.to

What is Vault?

Securely accesses secrets , HashiCorp explains as Vault comes with various pluggable components called secrets engines and authentication methods allowing you to integrate with external systems. Vault issues temporary tokens to access the resources.

• In the blog I will be demonstrating how to setup a vault
• Accessing secrets from Vault to Deploy your infrastructure into a AWS environment.

Prerequisite

Install AWS CLI and Configure with IAM credentialsGIF

Install Vault

Goto this link to install Vault
I Am using a WSL Linux on windows

• Getting GPG key

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

• Adding HashiCorp Linux repo

sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

• install

sudo apt-get update && sudo apt-get install vault

Setup Vault Project folder

• Lets create a project folder named Vault and cd into it

Setup Vault Server (Dev environment)

vault server -dev -dev-root-token-id="environment"

Note down the Vault Address, Unsealkey & Root token.

Sign into vault server

Enter token as “environment”

• Select Secret & Click Create Secret.
• Enter your IAM Programmatic access keys & Save.

Deploying with Vault

• Create a main.tf file and copy paste this command

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.58.0"
    }
  }
}

data "vault_generic_secret" "aws_creds" {
    path = "secret/aws"
}

provider "aws" {
  region  = data.vault_generic_secret.aws_creds.data["region"]
    access_key = data.vault_generic_secret.aws_creds.data["aws_access_key_id"]
    secret_key = data.vault_generic_secret.aws_creds.data["aws_secret_access_key"]
}


resource "aws_instance" "my_server" {
  ami           = "ami-059af0b76ba105e7e"
  instance_type = "t2.nano"
    tags = {
        Name = "Vault-Server"
    }
}

You have to change ami incase your region is not on ap-southeast-2

• Initialize Terraform

terraform init

• Plan terraform

terraform plan

You will be prompted to enter the vault url, in this case it is http://127.0.0.1:8200/

• Deploy infrastructure

terraform apply -auto-approve

• Enter url of vault when its prompted.

• Teardown your infrastructure

if you are happy with the deployment , you can tear down the deployed resources

terraform apply -auto-approve -destroy

😀🎉Congratulations🎉 you have successfully deployed IAC with Terraform VaultGIF

✅Connect with me on Twitter
🤝🏽Connect with me on Linkedin
🧑🏼‍🤝‍🧑🏻 Read more post on dev.to or iCTPro.co.nz
💻 Connect with me on GitHub