joatmon08 / infrastructure-pipeline

Licence: other
An example pipeline for executing HashiCorp Terraform with ephemeral cloud provider credentials managed by HashiCorp Vault

Programming Languages: HCL, shell, Makefile

An Example Infrastructure Pipeline

This example uses:

  • Amazon Web Services
  • GitHub Actions
  • Terraform 0.14+
  • Vault 1.5+
  • HashiCorp Cloud Platform Vault (managed Vault offering)
  • Terraform Cloud (for configuring Vault, uses vault/ directory)

The infrastructure pipeline runs Terraform to create a PostgreSQL database in AWS. It securely retrieves secrets from HashiCorp Vault.

Diagram with HCP Vault, AWS, and peered connection

Usage

  1. In your CLI, set the Vault address, token, and namespace.

    $ export VAULT_ADDR=
    $ export VAULT_TOKEN=
    $ export VAULT_NAMESPACE=

  2. Get Vault secret ID.

    $ make get-secret

  3. Go to the GitHub repository's secrets.

  4. Set the following repository secrets:

    1. VAULT_ADDR: address of Vault
    2. VAULT_NAMESPACE: admin
    3. VAULT_ROLE_ID: infrastructure-pipeline
    4. VAULT_SECRET_ID: add secret ID from CLI
  5. Make changes to this repository to execute Terraform.
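
The role ID and secret ID stored in the steps above are AppRole credentials that the pipeline exchanges for a short-lived Vault token. The following is an added example of that login step, not the repository's own workflow; the function names are hypothetical and it assumes the AppRole auth method is mounted at Vault's default path `approle`, which the page does not state.

```shell
#!/bin/sh
# Added example; not the repository's workflow. Assumption: the AppRole auth
# method is mounted at Vault's default path "approle" (the page does not say).

# Verify the four repository secrets from the Usage steps are present and that
# the secret ID will only be sent over TLS. Prints names, never values.
check_pipeline_env() {
  cpe_missing=0
  for cpe_name in VAULT_ADDR VAULT_NAMESPACE VAULT_ROLE_ID VAULT_SECRET_ID; do
    eval "cpe_val=\${$cpe_name:-}"
    if [ -z "$cpe_val" ]; then
      echo "missing: $cpe_name" >&2
      cpe_missing=1
    fi
  done
  [ "$cpe_missing" -eq 0 ] || return 1
  case "$VAULT_ADDR" in
    https://*) return 0 ;;
    *) echo "VAULT_ADDR must use https://" >&2; return 2 ;;
  esac
}

# AppRole login. The body is piped to curl on stdin so the secret ID does not
# appear in the process list. Assumes the IDs contain no quote characters.
approle_login() {
  printf '{"role_id":"%s","secret_id":"%s"}' "$VAULT_ROLE_ID" "$VAULT_SECRET_ID" |
    curl --silent --show-error --fail --request POST --data @- \
      --header "X-Vault-Namespace: $VAULT_NAMESPACE" \
      "$VAULT_ADDR/v1/auth/approle/login"
}

# Pull auth.client_token out of the login response (sed, to avoid needing jq).
extract_client_token() {
  sed -n 's/.*"client_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Full step: validate, log in, mask the token in GitHub Actions logs, export it.
pipeline_login() {
  check_pipeline_env || return $?
  pl_token=$(approle_login | extract_client_token)
  [ -n "$pl_token" ] || { echo "Vault login returned no token" >&2; return 3; }
  echo "::add-mask::$pl_token"
  export VAULT_TOKEN="$pl_token"
}
```

The exported `VAULT_TOKEN` is visible only to commands in the same workflow step; Terraform run in that step picks it up from the environment.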

Notes

  1. The GitHub Actions workflow accesses Vault over the public internet. To access Vault over a private connection, you will want to deploy a self-hosted runner or GitHub Enterprise. Vault configures the PostgreSQL database over a private connection.

  2. The demo uses HashiCorp Cloud Platform. You can substitute the Vault endpoint with your own Vault instance, as long as it can connect to AWS.

Requirements