Skip to content

FormationAI/terraform-provider-sops

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
.circleci
.circleci
 
 
docker
docker
 
 
sops
sops
 
 
test
test
 
 
vendor
vendor
 
 
.gitignore
.gitignore
 
 
GNUmakefile
GNUmakefile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

terraform-sops

A Terraform plugin for using files encrypted with Mozilla sops.

Example

Encrypt a file using Sops: sops demo-secret.enc.json

{
  "password": "foo",
  "db": {"password": "bar"}
}

sops_file

Usage in Terraform (0.12 and later) looks like this:

provider "sops" {}

data "sops_file" "demo-secret" {
  source_file = "demo-secret.enc.json"
}

output "do-something" {
  value = data.sops_file.demo-secret.data["password"]
}

output "do-something2" {
  value = data.sops_file.demo-secret.data["db.password"]
}
Expand for older, Terraform 0.11 and earlier, syntax 
provider "sops" {}

data "sops_file" "demo-secret" {
  source_file = "demo-secret.enc.json"
}

output "do-something" {
  value = "${data.sops_file.demo-secret.data.password}"
}

output "do-something2" {
  value = "${data.sops_file.demo-secret.data.db.password}"
}

Sops also supports encrypting the entire file when in other formats. Such files can also be used by specifying input_type = "raw":

data "sops_file" "some-file" {
  source_file = "secret-data.txt"
  input_type = "raw"
}

output "do-something" {
  value = data.sops_file.some-file.raw
}

sops_external

For use with reading files that might not be local.

input_type is required with this data source.

Terraform 0.12

provider "sops" {}

# using sops/test-fixtures/basic.yaml as an example
data "local_file" "yaml" {
  filename = "basic.yaml"
}

data "sops_external" "demo-secret" {
  source     = data.local_file.yaml.content
  input_type = "yaml"
}

output "do-something" {
  value = data.sops_external.demo-secret.data.hello
}
Expand for older, Terraform 0.11 and earlier, syntax

input_type is required with this data source.

provider "sops" {}

# using sops/test-fixtures/basic.yaml as an example
data "local_file" "yaml" {
  filename = "basic.yaml"
}

data "sops_external" "demo-secret" {
  source     = "${data.local_file.yaml.content}"
  input_type = "yaml"
}

output "do-something" {
  value = "${data.sops_external.demo-secret.data.hello}"
}

Install

Download the latest release for your environment and unpack it to the user plugin directory. The user plugins directory is in one of the following locations, depending on the host operating system:

  • Windows %APPDATA%\terraform.d\plugins
  • All other systems ~/.terraform.d/plugins

Development

Building and testing is most easily performed with make build and make test respectively.

The PGP key used for encrypting the test cases is found in test/testing-key.pgp. You can import it with gpg --import test/testing-key.pgp.

About

A Terraform provider for reading Mozilla sops files

Resources

Readme

License

MPL-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Languages

  • Go 88.6%
  • Makefile 7.2%
  • Dockerfile 2.4%
  • Shell 1.8%