From f9d1498a3c47746d1557451661006a877fd1f8ac Mon Sep 17 00:00:00 2001
From: Victor Roest
Date: Sun, 17 Oct 2021 16:36:51 +0200
Subject: [PATCH] configure vault provider
---
 .terraform.lock.hcl | 19 +++++++++++++++++++
 main.tf | 12 +++---------
 vault.tf | 9 +++++++++
 version.tf | 12 ++++++++++++
 4 files changed, 43 insertions(+), 9 deletions(-)
 create mode 100644 vault.tf
 create mode 100644 version.tf
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 31231a0..274cfbb 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -8,6 +8,25 @@ provider "registry.example.com/telmate/proxmox" {
 ]
 }
 
+provider "registry.terraform.io/hashicorp/vault" {
+ version = "2.24.1"
+ constraints = "2.24.1"
+ hashes = [
+ "h1:MUzJ+jOOPBoyGNWGjESE+t2rIjTobw08Y73jgU+d+EU=",
+ "zh:1968be03bbc83c9f512a60f0a018cb0cf4c9a4a0f9e606f9a7436ae06108200f",
+ "zh:23ef25b530dcf2f60692e261d2a56c112138d79a739f2c720bee818cf040a20f",
+ "zh:2b80879cf8110254eeeb55b36ce542e9cdaefc047d450368ff0ca631b29d41d6",
+ "zh:3d803047407a4e7ccb51cd88b38648e50517e70b97842ae1262b5c5a92eb8ede",
+ "zh:7edfd0323a839903e7fc5f45acce8dd61c43b356c09016e1bd43d6880bd82be6",
+ "zh:7efa2c6d1d0bac9478adb27fc68035ca9dc2107dae55d921a760a8ad237eb691",
+ "zh:a1f9d34e2ac8b3a3d177faef4f11690068919ef7d73256def6685cfd9282f83d",
+ "zh:a6c34746e0085ae49e3845fc58597d2d5778fcb2136fedb413b3e30ba77dd2bd",
+ "zh:a73eb4bc061b5babd7ea4d5f3f85f4b4c6d379982098411a29a7d7459fc37ab2",
+ "zh:aadecf464ead4ae30821495d8181e842c18a2537c018245509a96532eeaf7678",
+ "zh:e3ae8c48804065fa4f85095002f945adbd5cd3966c0b1afced7d839007586105",
+ ]
+}
+
 provider "registry.terraform.io/telmate/proxmox" {
 version = "2.8.0"
 hashes = [
diff --git a/main.tf b/main.tf
index f1d640e..32ce7cb 100644
--- a/main.tf
+++ b/main.tf
@@ -1,13 +1,7 @@
-terraform {
- required_providers {
- proxmox = {
- source = "registry.example.com/telmate/proxmox"
- }
- }
-}
-
 provider "proxmox" {
 pm_api_url = "https://10.42.42.42:8006/api2/json"
+ pm_user = data.vault_generic_secret.proxmox_auth.data["user"]
+ pm_password = data.vault_generic_secret.proxmox_auth.data["pass"]
 pm_tls_insecure = true
 }
 
@@ -45,7 +39,7 @@ resource "proxmox_lxc" "vault" {
 target_node = "nuc"
 description = "Vault Secrets Management"
 hostname = "vault"
- unprivileged = true
+ unprivileged = false # needed for mlock
 vmid = "102"
 clone = "101"
 
diff --git a/vault.tf b/vault.tf
new file mode 100644
index 0000000..73d2d7d
--- /dev/null
+++ b/vault.tf
@@ -0,0 +1,9 @@
+provider "vault" {
+ address = "http://10.42.42.6:8200"
+ skip_tls_verify = true
+}
+
+# Proxmox authentication for terraform
+data "vault_generic_secret" "proxmox_auth" {
+ path = "secrets/proxmox/terraform_auth"
+}
diff --git a/version.tf b/version.tf
new file mode 100644
index 0000000..7905084
--- /dev/null
+++ b/version.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ proxmox = {
+ # Locally installed from git repo for LXC cloning support
+ source = "registry.example.com/telmate/proxmox"
+ }
+ vault = {
+ source = "hashicorp/vault"
+ version = "2.24.1"
+ }
+ }
+}
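Review bot: The added `pm_user` and `pm_password` are sent to an endpoint whose certificate is never checked, because the unchanged `pm_tls_insecure = true` stays in the same `provider "proxmox"` block. The password is now pulled from Vault, yet the last hop to the Proxmox API accepts any certificate, which undoes much of the benefit. I would make the Proxmox CA trusted on the machine that runs Terraform and change the line to `pm_tls_insecure = false`. Separately, values read through a `vault_generic_secret` data source are persisted in the Terraform state and plan files, so the state backend needs the same access control as the secret itself; a comment such as `# value ends up in tfstate - keep state encrypted and access-restricted` next to these two arguments would record that.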
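Review bot: Setting `unprivileged = false` on the `vault` container drops the user-namespace mapping, so root inside the container that holds every secret is uid 0 on the Proxmox node, with only AppArmor, seccomp and capability limits in between. The inline comment `# needed for mlock` says why but not what is given up. If the container has to stay privileged, I would widen the comment, e.g. `# privileged (container root is host uid 0): required so Vault can mlock`. An alternative worth evaluating is to keep `unprivileged = true` and set `disable_mlock = true` in Vault's own configuration with swap disabled or encrypted on the node; whether that suits this setup cannot be judged from the hunk. The `proxmox_lxc` resource continues outside the hunk.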
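Review bot: `address = "http://10.42.42.6:8200"` makes the provider speak plain HTTP to Vault, so the Vault token and the Proxmox credentials returned for `proxmox_auth` cross the network unencrypted. With an `http://` URL there is no TLS session for `skip_tls_verify = true` to act on, so that line only gives the impression that TLS is in use. I would enable a TLS listener on Vault and change the block to `address = "https://10.42.42.6:8200"` with `ca_cert_file = "<path-to-ca.pem>"`, dropping `skip_tls_verify`. How the provider obtains its token is not visible in this patch; it should come from the environment or a token helper rather than from a `.tf` file.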
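Review bot: The `proxmox` entry has no `version` argument while `vault` is pinned to `2.24.1`, and the new comment says this provider is a local build from a git checkout. For a locally installed binary there is no registry signature to fall back on, so the configuration and the lock-file hashes are the only record of which build is expected. I would add `version = "<locally-built-version>"` and extend the comment with the origin of the build, e.g. `# built from <repo-url> at <commit>`, so the binary can be reproduced and checked later.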