vault secrets terraform Archives - For all your terraform needs https://terraformarchitect.com/tag/vault-secrets-terraform/ Automation cannot be an afterthought (TM) Wed, 28 Jul 2021 17:00:45 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 The Vault Provider in Terraform https://terraformarchitect.com/gcp-terraform/the-vault-provider-in-terraform/?utm_source=rss&utm_medium=rss&utm_campaign=the-vault-provider-in-terraform https://terraformarchitect.com/gcp-terraform/the-vault-provider-in-terraform/#respond Wed, 30 Dec 2020 15:48:54 +0000 http://terraformarchitect.com/?p=103 These are some notes from the field around using Vault and Terraform. Storing a Sample Secret in Vault – Resource vault_generic_secret provider "vault" { # It is strongly recommended to […]

The post The Vault Provider in Terraform appeared first on For all your terraform needs.

]]>
These are some notes from the field around using Vault and Terraform.

Storing a Sample Secret in Vault – Resource vault_generic_secret

provider "vault" {
  # It is strongly recommended to configure this provider through the
  # environment variables described above, so that each user can have
  # separate credentials set in the environment.
  #
  # This will default to using $VAULT_ADDR
  # But can be set explicitly
  # address = "https://vault.example.net:8200"
}

resource "vault_generic_secret" "example" {
  path = "secret/foo"

  data_json = <<EOT
{
  "foo":   "bar",
  "pizza": "cheese"
}
EOT
}

Backups of Vault Data

Vault uses Consul as the encrypted database.

consul snapshot will provide the ability to backup the consul db containing encrypted secrets

Authenticate to Vault ( Token Per User )

Users should authenticate to get Vault access. This can happen via github (configure github as the identity provider for Vault). Github will return a token that can be used by each user to authenticate themselves to Vault.

Vault Architecture on AWS (7 EC2 Instances on AWS)

A possible architecture may involve a  Bastion host and a couple of standby vault servers. The consul servers should ideally be separate (database servers). This would translate to 7 EC2 instances on AWS.

vault architecture
vault architecture




Need an experienced Cloud Networking or a Cloud Data Protection Expert?  Anuj has successfully delivered over a dozen deployments on each of the public clouds (AWS/GCP/Azure) including several DevSecOps engagements. Set up a time with Anuj Varma.

The post The Vault Provider in Terraform appeared first on For all your terraform needs.

]]>
https://terraformarchitect.com/gcp-terraform/the-vault-provider-in-terraform/feed/ 0