DEV Community

Cover image for Deploying IAC with your secrets in Terraform Vault
Anuvindh for AWS Community Builders

Posted on

Deploying IAC with your secrets in Terraform Vault

DAY 23 - Deploying IAC with your secrets in Terraform Vault - Day Twenty three

Image tweet

100 days of Cloud on GitHub - Read On iCTPro.co.nz - Read on Dev.to


What is Vault?

Securely accesses secrets , HashiCorp explains as Vault comes with various pluggable components called secrets engines and authentication methods allowing you to integrate with external systems. Vault issues temporary tokens to access the resources.
Image vault image

  • In the blog I will be demonstrating how to setup a vault
  • Accessing secrets from Vault to Deploy your infrastructure into a AWS environment.

Prerequisite

Install AWS CLI and Configure with IAM credentials

Image click

Install Vault

Goto this link to install Vault
I Am using a WSL Linux on windows

  • Getting GPG key
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
Enter fullscreen mode Exit fullscreen mode
  • Adding HashiCorp Linux repo
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
Enter fullscreen mode Exit fullscreen mode
  • install
sudo apt-get update && sudo apt-get install vault
Enter fullscreen mode Exit fullscreen mode

Setup Vault Project folder

  • Lets create a project folder named Vault and cd into it

Setup Vault Server (Dev environment)

vault server -dev -dev-root-token-id="environment"
Enter fullscreen mode Exit fullscreen mode

Image vault server

Note down the Vault Address, Unsealkey & Root token.

Sign into vault server

Image vault login
Enter token as "environment"

  • Select Secret & Click Create Secret.
  • Enter your IAM Programmatic access keys & Save.

Image AWS CLI

Deploying with Vault

  • Create a main.tf file and copy paste this command
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.58.0"
    }
  }
}

data "vault_generic_secret" "aws_creds" {
    path = "secret/aws"
}

provider "aws" {
  region  = data.vault_generic_secret.aws_creds.data["region"]
    access_key = data.vault_generic_secret.aws_creds.data["aws_access_key_id"]
    secret_key = data.vault_generic_secret.aws_creds.data["aws_secret_access_key"]
}


resource "aws_instance" "my_server" {
  ami           = "ami-059af0b76ba105e7e"
  instance_type = "t2.nano"
    tags = {
        Name = "Vault-Server"
    }
}
Enter fullscreen mode Exit fullscreen mode

You have to change ami incase your region is not on ap-southeast-2

  • Initialize Terraform
terraform init
Enter fullscreen mode Exit fullscreen mode
  • Plan terraform
terraform plan
Enter fullscreen mode Exit fullscreen mode

You will be prompted to enter the vault url, in this case it is http://127.0.0.1:8200/

Image url vault

  • Deploy infrastructure
terraform apply -auto-approve
Enter fullscreen mode Exit fullscreen mode
  • Enter url of vault when its prompted.

Image result

  • Teardown your infrastructure

if you are happy with the deployment , you can tear down the deployed resources

terraform apply -auto-approve -destroy
Enter fullscreen mode Exit fullscreen mode

😀🎉Congratulations🎉 you have successfully deployed IAC with Terraform Vault

Image congratulations


✅Connect with me on Twitter
🤝🏽Connect with me on Linkedin
🧑🏼‍🤝‍🧑🏻 Read more post on dev.to or iCTPro.co.nz
💻 Connect with me on GitHub

Top comments (0)