Getting Started with Terraform

By: Kirill Shirinkin

Overview of this book

Terraform is a tool used to efficiently build, configure, and improve production infrastructure. It can manage existing infrastructure as well as create custom in-house solutions. This book shows you when and how to implement infrastructure-as-code practices with Terraform. It covers everything necessary to set up complete management of infrastructure with Terraform, starting with the basics of using providers and resources. This book is a comprehensive guide that begins with very small infrastructure templates and takes you all the way to managing complex systems, all using concrete examples that evolve over the course of the book. It finishes with the complete workflow of managing a production infrastructure as code, which is achieved with the help of version control and continuous integration. By the end of this book, you will be familiar with advanced techniques such as multi-provider support and multiple remote modules.

Protecting secrets in a Git repository

Terraform doesn't provide any built-in way of securing your state file. Nor is there a way to secure only part of it, or even to provide encrypted data inside your templates. That's a shame, because sooner or later you will have to use some kind of secrets with your templates: passwords, API keys, and others. If you plan to store your state file in a Git repository, it's important to protect it. The easiest solution is to encrypt the whole state file, store the encrypted version in the repository, and distribute the decryption key to your team members.
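The encrypt-then-commit workflow described above, done by hand with `openssl enc` (an added example, not code from the book; the key-file path, the function names and the choice of openssl are assumptions):

```shell
#!/bin/sh
# Added example: openssl stands in for a dedicated tool; paths are assumptions.
STATE=${STATE:-terraform.tfstate}
KEY_FILE=${KEY_FILE:-$HOME/.tfstate.key}   # kept outside the repository

# Generate a random passphrase once; hand it to teammates out of band.
make_key() {
    [ -f "$KEY_FILE" ] && return 0
    (umask 077 && openssl rand -base64 32 > "$KEY_FILE")
}

# Encrypt the whole state file; only "$STATE.enc" is meant to be committed.
# Note: CBC mode gives confidentiality only, no tamper detection.
encrypt_state() {
    openssl enc -aes-256-cbc -pbkdf2 -salt \
        -in "$STATE" -out "$STATE.enc" -pass "file:$KEY_FILE"
}

# Decrypt to a temp file first so a failed decryption never clobbers
# an existing state file.
decrypt_state() {
    tmp="$STATE.tmp.$$"
    if (umask 077 && openssl enc -d -aes-256-cbc -pbkdf2 \
            -in "$STATE.enc" -out "$tmp" -pass "file:$KEY_FILE"); then
        mv "$tmp" "$STATE"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Make sure plaintext state (and Terraform's backup copy) is never staged.
ignore_plaintext() {
    for pat in '*.tfstate' '*.tfstate.backup'; do
        grep -qxF -- "$pat" .gitignore 2>/dev/null || echo "$pat" >> .gitignore
    done
}
```

Run `encrypt_state` after each `terraform apply` and `decrypt_state` after each pull; the `.gitignore` patterns leave `terraform.tfstate.enc` trackable.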

You can make this task easier with a tool named terrahelp. Terrahelp is a small CLI written in Go that simplifies the encryption and decryption of your Terraform state files (and not only state files). It integrates nicely with Vault, yet another HashiCorp tool, this one for managing secrets. Don't worry, we won't use Vault; it's a rather complex tool that deserves...