configure vault provider

2021-10-17 16:36:51 +02:00 · 2021-10-17 16:36:51 +02:00 · f9d1498a3c
parent 18ec1212b3
commit f9d1498a3c
4 changed files with 43 additions and 9 deletions
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@ -8,6 +8,25 @@ provider "registry.example.com/telmate/proxmox" {
  ]
 }

+provider "registry.terraform.io/hashicorp/vault" {
+  version     = "2.24.1"
+  constraints = "2.24.1"
+  hashes = [
+    "h1:MUzJ+jOOPBoyGNWGjESE+t2rIjTobw08Y73jgU+d+EU=",
+    "zh:1968be03bbc83c9f512a60f0a018cb0cf4c9a4a0f9e606f9a7436ae06108200f",
+    "zh:23ef25b530dcf2f60692e261d2a56c112138d79a739f2c720bee818cf040a20f",
+    "zh:2b80879cf8110254eeeb55b36ce542e9cdaefc047d450368ff0ca631b29d41d6",
+    "zh:3d803047407a4e7ccb51cd88b38648e50517e70b97842ae1262b5c5a92eb8ede",
+    "zh:7edfd0323a839903e7fc5f45acce8dd61c43b356c09016e1bd43d6880bd82be6",
+    "zh:7efa2c6d1d0bac9478adb27fc68035ca9dc2107dae55d921a760a8ad237eb691",
+    "zh:a1f9d34e2ac8b3a3d177faef4f11690068919ef7d73256def6685cfd9282f83d",
+    "zh:a6c34746e0085ae49e3845fc58597d2d5778fcb2136fedb413b3e30ba77dd2bd",
+    "zh:a73eb4bc061b5babd7ea4d5f3f85f4b4c6d379982098411a29a7d7459fc37ab2",
+    "zh:aadecf464ead4ae30821495d8181e842c18a2537c018245509a96532eeaf7678",
+    "zh:e3ae8c48804065fa4f85095002f945adbd5cd3966c0b1afced7d839007586105",
+  ]
+}
+
 provider "registry.terraform.io/telmate/proxmox" {
  version = "2.8.0"
  hashes = [
--- a/main.tf
+++ b/main.tf
@ -1,13 +1,7 @@
-terraform {
-  required_providers {
-    proxmox = {
-      source = "registry.example.com/telmate/proxmox"
-    }
-  }
-}
-
 provider "proxmox" {
  pm_api_url = "https://10.42.42.42:8006/api2/json"
+  pm_user = data.vault_generic_secret.proxmox_auth.data["user"]
+  pm_password = data.vault_generic_secret.proxmox_auth.data["pass"]
  pm_tls_insecure = true
 }

@ -45,7 +39,7 @@ resource "proxmox_lxc" "vault" {
  target_node = "nuc"
  description = "Vault Secrets Management"
  hostname = "vault"
-  unprivileged = true
+  unprivileged = false # needed for mlock
  vmid = "102"
  clone = "101"

--- a/vault.tf
+++ b/vault.tf
@ -0,0 +1,9 @@
+provider "vault" {
+  address = "http://10.42.42.6:8200"
+  skip_tls_verify = true
+}
+
+# Proxmox authentication for terraform
+data "vault_generic_secret" "proxmox_auth" {
+    path = "secrets/proxmox/terraform_auth"
+}
--- a/version.tf
+++ b/version.tf
@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    proxmox = {
+      # Locally installed from git repo for LXC cloning support
+      source = "registry.example.com/telmate/proxmox"
+    }
+    vault = {
+      source  = "hashicorp/vault"
+      version = "2.24.1"
+    }
+  }
+}