This provider was forked from the now-defunct camptocamp/terraform-provider-pass and took some inspirational patches from another fork which is based on the 2.x releases.
This provider adds integration between Terraform and Pass and Gopass password stores.
Pass is a password store using gpg to encrypt password and git to version. Gopass is a rewrite of the pass password manager in Go with the aim of making it cross-platform and adding additional features.
Download the provider source code
$ git clone https://github.com/digipost/terraform-provider-pass.git
Enter the provider directory and build the provider
$ cd terraform-provider-pass
$ make
After building the provider, install it using the Terraform instructions for installing a third party provider or in-house providers.
provider "pass" {
store_dir = "/srv/password-store" # defaults to $PASSWORD_STORE_DIR
refresh_store = false # do not call `git pull`
}
resource "pass_password" "test" {
path = "secret/foo"
password = "0123456789"
data = {
zip = "zap"
}
}
data "pass_password" "test" {
path = "${pass_password.test.path}"
}
The provider takes the following arguments:
store_dir
- (Optional) Path to your password store, defaults to$PASSWORD_STORE_DIR
refresh_store
- (Optional) Boolean whether to callgit pull
when configuring the provider, defaults totrue
The resource takes the following arguments:
path
- Full path from which a password will be readpassword
- Secret passworddata
- (Optional) Additional secret data
The following attributes are exported:
path
- Full path from which the password was readpassword
- Secret passworddata
- Additional secret databody
- Raw secret data if not YAMLfull
- Entire secret contents
The data source takes the following arguments:
path
- Full path from which a password will be read
The following attributes are exported:
path
- Full path from which the password was readpassword
- Secret passworddata
- Additional secret databody
- Raw secret data if not YAMLfull
- Entire secret contents