Using chamber with terraform tip #117
Description
Just want to say thank you for chamber. It has made adopting aws parameter store a breeze for us.
Terraform expects variables to be passed via the environment like this TF_VAR_the_variable
I have lots of terraform modules that expect a database password or some secret. I put the secrets in parameter store under a /terraform/ namespace. I can then inject secrets into terraform at run time with this simple script called terrachamber
#!/usr/bin/env ruby
# Takes a terraform / terragrunt command as an argument.
# Uses a system call to grab terraform secrets from AWS parameter store via chamber
# Injects those secrets into the environment in the terraform variable format i.e TF_VAR_the_variable
# Performs a system call of the argument array that is passed
#
# Usage Examples
#
# terrachamber terraform apply
# terrachamber terragrunt apply --terragrunt-source-update
# aws-vault exec dev-admin -- terrachamber terraform apply
#
require 'json'
JSON.parse(`chamber export terraform`).each {|k,v| ENV["TF_VAR_#{k}"] = v}
system(*ARGV)This may help someone else. But this is also a feature request :)
If you could chose the output format of chamber that would be wonderful. e.g I could do the above natively with chamber if it supported a key prefix and if it supported the ability to not capitalise the environment variables.
Something like:
chamber exec --prefix TF_VAR_ --no-capitalise namespace -- terraform apply
That would take my secrets:
/terraform/database_password
/terraform/big_secret
And export them like this:
TF_VAR_database_password
TF_VAR_big_secret
This may be beyond the scope of chamber. But it already supports json output etc.
Thanks!