This demo illustrates how to migrate from a Terraform OSS workflow to Terraform Enterprise without difficulty. And because I like challenges, I decided to integrate CircleCI with Vault to request Azure dynamic credentials the pipeline is launched.
Here are the technologies and features used in this demo:
- CircleCI Pipeline
- Vault with Custom Plugin for CircleCI Auth
- Azure Dynamic Secrets
- Terraform Enhanced Backend
- Terraform Enterprise APIs
Screenshot of the pipeline resulting from the config.yml file:
Here's what you'll need to recreate this demo environment in Azure:
-
Get an Azure Portal Account - First you'll need an appropriate account in Azure AD to be able to access Azure Portal and to configure Vault Dynamic Secrets.
- If you don't have an account yet, create a free Azure account here: https://azure.microsoft.com/free/
- Create a VM on Azure and deploy a Vault instance (OSS or Enterprise) on it using this code: https://github.com/nehrman/vault-circleci-integration
You should end up with something like this:
-
Enable the Azure Secrets Engine - Run this command:
vault auth enable -path=azure_demo azureThen configure Vault according to our documentation: https://www.vaultproject.io/docs/secrets/azure/index.html
-
Create a Policy for CircleCI - Create a policy to authorize your CircleCI project to read creds from Azure Secret Engine:
path "azure_demo/creds/my_role" { capabilities = ["read"] }
Attach the policy to your project in the configuration of Vault CircleCI Auth Plugin:
vault write auth/vault-circleci-auth-plugin/map/projects/project_name value=policy_name
-
Sign up for a Terraform Cloud Trial - Next we'll need a Terraform Cloud trial account.
- Sign up here: https://www.hashicorp.com/go/terraform-enterprise-trial
- Log onto your new account here: https://app.terraform.io
- Follow the guide to:
- Create an
organization - Create a
token
- Create an
-
Configure CircleCI - If you don't already have an account, sign up here To make things easier, create an account with your Github Account :) Now, follow these steps :
- Click on
+ Add Project:
- Select your project and click on
Set Up Project:
- Finally, configure the environment variables in your project:
- Click on
Bravo!!!!, you're all set and ready to test the pipeline.
- Marc Boudreau - For his amazing work creating vault CircleCI Auth plugin Github
- Joern Stenkamp - For helping me figure out the TFE variables creation Github
- Guy Barros - For working together on the windows VM on azure Github
- Nicolas Ehrman - Initial work - Hashicorp