Skip to content

Latest commit

 

History

History
70 lines (56 loc) · 3.62 KB

README.md

File metadata and controls

70 lines (56 loc) · 3.62 KB

Terraform-CircleCI-Vault-Demo

This demo illustrates how to migrate from a Terraform OSS workflow to Terraform Enterprise without difficulty. And because I like challenges, I decided to integrate CircleCI with Vault to request Azure dynamic credentials the pipeline is launched.

Here are the technologies and features used in this demo:

  • CircleCI Pipeline
  • Vault with Custom Plugin for CircleCI Auth
  • Azure Dynamic Secrets
  • Terraform Enhanced Backend
  • Terraform Enterprise APIs

CircleCI Pipeline Screenshot

What does it look like in CircleCI?

Screenshot of the pipeline resulting from the config.yml file:

CircleCI Pipeline Screenshot

How to build the demo?

Here's what you'll need to recreate this demo environment in Azure:

  1. Get an Azure Portal Account - First you'll need an appropriate account in Azure AD to be able to access Azure Portal and to configure Vault Dynamic Secrets.

    You should end up with something like this:

    CircleCI Pipeline Screenshot
  2. Enable the Azure Secrets Engine - Run this command:

    vault auth enable -path=azure_demo azure

    Then configure Vault according to our documentation: https://www.vaultproject.io/docs/secrets/azure/index.html

  3. Create a Policy for CircleCI - Create a policy to authorize your CircleCI project to read creds from Azure Secret Engine:

    path "azure_demo/creds/my_role" {
      capabilities = ["read"]
    }

    Attach the policy to your project in the configuration of Vault CircleCI Auth Plugin:

    vault write auth/vault-circleci-auth-plugin/map/projects/project_name value=policy_name
  4. Sign up for a Terraform Cloud Trial - Next we'll need a Terraform Cloud trial account.

  5. Configure CircleCI - If you don't already have an account, sign up here To make things easier, create an account with your Github Account :) Now, follow these steps :

    • Click on + Add Project:
      CircleCI Pipeline Screenshot
    • Select your project and click on Set Up Project:
      CircleCI Pipeline Screenshot
    • Finally, configure the environment variables in your project:
      CircleCI Pipeline Screenshot

Bravo!!!!, you're all set and ready to test the pipeline.

Special thanks

  • Marc Boudreau - For his amazing work creating vault CircleCI Auth plugin Github
  • Joern Stenkamp - For helping me figure out the TFE variables creation Github
  • Guy Barros - For working together on the windows VM on azure Github

Authors