terraform-provider-ansiblevault

Support json and result as object

Open viesti opened this issue 4 years ago • 5 comments

First off, thanks for the awesome provider, I nearly dabbled into learning Go to write one from scratch but maybe later for that :)

Before finding this provider, I made a hack like this:

data "external" "json_secrets" {
  program = ["ansible-vault", "view", "vars/secrets.json"]
}

This allows us to decrypt secrets in other formats than Yaml and one can refer to all secrets at once via data.external.secrets.result.<key> (no nesting allowed, but maybe not a problem usually). I wonder if it would make sense to have similar support in this provider too?

viesti avatar Mar 10 '20 08:03 viesti
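
An added example, not part of the thread or of the provider's code: a wrapper for the `external` data source workaround in the post above, which flattens nested JSON into the flat map of strings that `external` requires. The script name `vault_json.py`, the dotted key scheme and the sample document are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Added example: decrypt a vault-encrypted JSON file for Terraform's `external` data source."""
import json
import subprocess
import sys

# Constructed sample of decrypted content, used when no path is given (offline demo).
SAMPLE = '{"db_password": "s3cret", "db": {"port": 5432, "tls": true, "hosts": ["a", "b"]}}'


def flatten(value, prefix=""):
    """Turn nested objects/arrays into {"db.hosts.0": "a"}; every value becomes a string."""
    if isinstance(value, dict):
        items = value.items()
    elif isinstance(value, list):
        items = enumerate(value)
    else:
        # Scalars: strings pass through, other JSON types keep their JSON spelling.
        return {prefix: value if isinstance(value, str) else json.dumps(value)}
    flat = {}
    for key, child in items:
        flat.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return flat


def to_external_result(decrypted_text):
    """Parse decrypted JSON and return the flat string map `external` accepts."""
    doc = json.loads(decrypted_text)
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value must be an object")
    return flatten(doc)


def main(argv):
    text = SAMPLE
    if len(argv) > 1:
        # ansible-vault must be able to obtain the vault password non-interactively.
        proc = subprocess.run(["ansible-vault", "view", argv[1]], capture_output=True, text=True)
        if proc.returncode != 0:
            sys.stderr.write(proc.stderr)  # Terraform reports stderr on a non-zero exit
            return 1
        text = proc.stdout
    try:
        json.dump(to_external_result(text), sys.stdout)
    except ValueError:  # includes json.JSONDecodeError; parser detail is not echoed
        sys.stderr.write("decrypted file is not a JSON object\n")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With `program = ["python3", "vault_json.py", "vars/secrets.json"]`, a nested value is then read as `data.external.json_secrets.result["db.port"]`. As with any data source, the decrypted values are written to the Terraform state, so the state backend needs the same protection as the vault file.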

Hi @viesti,

We'll think about introducing an executable in the provider. This feature will resolve #49 too.

Best

bdronneau avatar Mar 11 '20 09:03 bdronneau

Thanks for the reply!

I realized that I might not have communicated too well. I was thinking that there could be an attribute where the whole contents of the encrypted file would be present and that it would not go through Yaml parsing, allowing the content to be something else than Yaml. Maybe something like:

data "ansiblevault_path" "secrets" {
  path = "vars/secrets/secrets.json"
}

resource "aws_db_instance" "my-db" {
  password = jsondecode(data.ansiblevault_path.secrets.contents).db_password
}

where omitting the key attribute would instruct the provider not to parse the content, and the decrypted contents would be available via the contents attribute.

BR,

Kimmo

viesti avatar Mar 11 '20 10:03 viesti

No problem. I was thinking about introducing an abstract unmarshalling of the content https://github.com/MeilleursAgents/terraform-provider-ansiblevault/blob/561b7274f939b89a9984f76acfebffe22ac987fb/pkg/vault/vault.go#L82 and introducing a content-type.

bdronneau avatar Mar 11 '20 13:03 bdronneau

Sounds like a nice direction of further development :)

viesti avatar Mar 12 '20 07:03 viesti

Hi all, thanks for the provider! I am also searching for something related to this thread:

# Want to read all the keys from file at once:
data "ansiblevault_path" "path" {
  provider = ansiblevault.myconf
  path = "./simple_vault_test.yaml"
}

# Usage, (example):
resource "azurerm_key_vault_secret" "secret" {
  for_each = data.ansiblevault_path.path.key
  key_vault_id = azurerm_key_vault.key-vault.id
  name = each.value.key
  value = each.value.value
  tags = var.tags
}

Will appreciate it a lot. Thanks

Bulikeri avatar Jan 15 '21 12:01 Bulikeri