github/wp-opentofu
0
0
Fork 0
mirror of https://github.com/thegeeklab/wp-opentofu.git synced 2024-11-22 00:30:40 +00:00
Code Issues Releases Activity

Update docs about secrets

Browse Source
This commit is contained in:
Jacob McCann 2017-09-06 10:24:24 -05:00
parent 9749b0b8f9
commit 00912b6d75
1 changed files with 19 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
DOCS.md
View File

@ -29,8 +29,11 @@ pipeline:
+ app_version: 1.0.0 + app_version: 1.0.0
``` ```
Example configuration passing secrets to terraform via `vars`. The following Example configuration passing secrets to terraform. Please read
example will call `terraform apply -var my_secret=${TERRAFORM_SECRET}`: https://www.terraform.io/docs/configuration/variables.html#environment-variables
for more details.
**Drone 0.6+**:
```diff ```diff
pipeline: pipeline:
@ -38,7 +41,19 @@ pipeline:
image: jmccann/drone-terraform:1 image: jmccann/drone-terraform:1
plan: false plan: false
+ secrets: + secrets:
+ my_secret: TERRAFORM_SECRET + - source: terraform_secret
+ target: tf_var_my_secret
```
**Drone 0.5**:
```diff
pipeline:
terraform:
image: jmccann/drone-terraform:1
plan: false
+ environment:
+ TF_VAR_MY_SECRET: ${TERRAFORM_SECRET}
``` ```
You may be passing sensitive vars to your terraform commands. If you do not want You may be passing sensitive vars to your terraform commands. If you do not want
@ -138,36 +153,6 @@ pipeline:
+ parallelism: 2 + parallelism: 2
``` ```
If you need to set different ENV secrets for multiple `terraform` steps you can utilize `secrets`.
The following example shows using different remotes secrets each step.
```yaml
pipeline:
dev_terraform:
image: jmccann/drone-terraform:1
plan: false
init_options:
backend_config:
- "bucket=my-terraform-config-bucket"
- "key=tf-states/my-project"
- "region=us-east-1"
+ secrets:
+ AWS_ACCESS_KEY_ID: DEV_AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY: DEV_AWS_SECRET_ACCESS_KEY
prod_terraform:
image: jmccann/drone-terraform:1
plan: false
init_options:
backend_config:
- "bucket=my-terraform-config-bucket"
- "key=tf-states/my-project"
- "region=us-east-1"
+ secrets:
+ AWS_ACCESS_KEY_ID: PROD_AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY: PROD_AWS_SECRET_ACCESS_KEY
```
Destroying the service can be done using the boolean `destory` option. Keep in mind that Fastly won't allow a service with active version be destoryed. Use `force_destroy` option in the service definition for terraform to handle it. Destroying the service can be done using the boolean `destory` option. Keep in mind that Fastly won't allow a service with active version be destoryed. Use `force_destroy` option in the service definition for terraform to handle it.
```yaml ```yaml
@ -205,12 +190,6 @@ var_files
: a list of variable files to pass to the Terraform `plan` and `apply` commands. : a list of variable files to pass to the Terraform `plan` and `apply` commands.
Each value is passed as a `-var-file <value>` option. Each value is passed as a `-var-file <value>` option.
secrets
: a map of variables to pass to the Terraform `plan` and `apply` commands as well as setting envvars.
The `key` is the var and ENV to set. The `value` is the ENV to read the value from.
* Each entry generate a terraform var as follows: `-var <key>=$<value>`
* Additionally each entry generate sets and envvar as follows: `key=$value`
ca_cert ca_cert
: ca cert to add to your environment to allow terraform to use internal/private resources : ca cert to add to your environment to allow terraform to use internal/private resources
@ -227,4 +206,4 @@ parallelism
: The number of concurrent operations as Terraform walks its graph. : The number of concurrent operations as Terraform walks its graph.
destroy (boolean) destroy (boolean)
: Destroys the service (still requires [`force_destroy`](https://www.terraform.io/docs/providers/fastly/r/service_v1.html#force_destroy) option to be set in the service definition) : Destroys the service (still requires [`force_destroy`](https://www.terraform.io/docs/providers/fastly/r/service_v1.html#force_destroy) option to be set in the service definition)