Configuring Terraform
Terraform configuration files (.tf files) are typically located in the directory containing the Terraform executable or in its subdirectories, so the Terraform configuration commands must be run from that directory.
To make an executable directory:
- Create an example.tf file in the directory containing the Terraform executable.
- Place the content into the example.tf file from:
  - secrets_get.tf file: for retrieving multiple secrets.
  - secret_create.tf file: for creating or updating a secret.
  You can find these files in the terraform-provider-tss>examples>secrets directory.
  These files are only for reference on how to fetch or create secrets. You can use the content of the files as a guide to make your actual .tf file.
- Update the Terraform and the terraform-provider-tss versions in the terraform block of the example.tf file according to your Terraform and your terraform-provider-tss versions:
  terraform {
    required_version = "1.5.2"
    required_providers {
      tss = {
        source = "DelineaXPM/tss"
        version = "2.0.4"
      }
    }
  }
- Create a terraform.tfvars file in the directory containing the Terraform executable.
- Place the variables into the file with the appropriate values corresponding to getting, creating, or updating a secret.
  You can find the list of variables in the terraform-provider-tss>vars>secrets directory.
  - Variables for getting a secret by ID:
    tss_username = "username"
    tss_password = "password"
    tss_server_url = "https://example/SecretServer"
    tss_secret_id = ["1", "2", "3"]
  - Variables to create/update a secret:
  - Variables for getting a secret via the Platform by ID:
  - Variables for creating/updating a secret via the Platform:
Using the direct Secret Server instance
If you want to access the Secret Server instance directly without the platform, provide the Secret Server URL as an input to tss_server_url and the Secret Server user credentials to tss_username and tss_password.
Examples of commands for possible variables:
tss_username = "username"
tss_password = "password"
tss_server_url = "https://example/SecretServer"
tss_secret_name = "Windows Account"
tss_secret_siteid = 1
tss_secret_folderid = 0
tss_secret_templateid = 6000
fields = [
  {
    fieldname = "Machine"
    itemvalue = "hostname/ip"
  },
  {
    fieldname = "Username"
    itemvalue = "my_app_user"
  },
  {
    fieldname = "Password"
    itemvalue = "password"
  },
  {
    fieldname = "Notes"
    itemvalue = ""
  }
]
Using the Platform instance
To access the Secret Server via the platform, provide the platform URL as input to tss_server_url and the platform user credentials to tss_username and tss_password.
tss_username = "my_platform_app_user"
tss_password = "password"
tss_server_url = "https://platform.delinea.app"
tss_secret_id = ["1", "2", "3"]

tss_username = "my_platform_app_user"
tss_password = "password"
tss_server_url = "https://platform.delinea.app"
tss_secret_name = "Windows Account"
tss_secret_siteid = 1
tss_secret_folderid = 0
tss_secret_templateid = 6003
fields = [
  {
    fieldname = "Machine"
    itemvalue = "hostname/ip"
  },
  {
    fieldname = "Username"
    itemvalue = "my_app_user"
  },
  {
    fieldname = "Password"
    itemvalue = "Passw0rd."
  },
  {
    fieldname = "Notes"
    itemvalue = ""
  }
]
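A terraform.tfvars file laid out as above holds tss_password and the Password field's itemvalue as plain text. The following check is an added example, not part of the provider or of this guide: it scans a variables file in this layout and reports where a non-empty literal credential appears, without echoing the value. The sample input is constructed and the name pattern is an assumed heuristic.

```python
import re

# Constructed sample that mirrors the create/update variables shown on this page.
SAMPLE_TFVARS = """\
tss_username = "username"
tss_password = "password"
tss_server_url = "https://example/SecretServer"
tss_secret_name = "Windows Account"
fields = [
  {
    fieldname = "Password"
    itemvalue = "password"
  },
  {
    fieldname = "Notes"
    itemvalue = ""
  }
]
"""

ASSIGN = re.compile(r'^(\w+)\s*=\s*"(.*)"\s*,?$')
# Heuristic for credential-bearing names (an assumption; extend per template).
SENSITIVE = re.compile(r"pass(word|phrase)|token|private.?key", re.I)

def find_literal_secrets(text):
    """Return (line_number, location) for every non-empty literal credential."""
    findings, entry = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = ASSIGN.match(line)
        if line.startswith("{"):                  # a fields[] entry opens
            entry = {}
        elif line.startswith("}") and entry is not None:
            name, _ = entry.get("fieldname", ("", 0))
            value, at = entry.get("itemvalue", ("", 0))
            if value and SENSITIVE.search(name):  # judge the entry as a whole
                findings.append((at, f"fields[{name}].itemvalue"))
            entry = None
        elif match and entry is not None:         # key inside a fields[] entry
            entry[match.group(1)] = (match.group(2), number)
        elif match and match.group(2) and SENSITIVE.search(match.group(1)):
            findings.append((number, match.group(1)))  # top-level variable
    return findings

if __name__ == "__main__":
    for number, location in find_literal_secrets(SAMPLE_TFVARS):
        print(f"line {number}: literal credential in {location}")  # value not shown
```

Terraform also reads a variable from the environment as TF_VAR_<name> (for example TF_VAR_tss_password), which lets the password stay out of the file.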
To create variables that support a different secret template:
- In Secret Server, go to the Administration panel > Secret Templates and select the necessary template.
- Replace the tss_secret_templateid value with the template ID. You can see the ID in the URL when you select any template in Secret Server.
- Select the Fields tab.
- Based on the template fields, you can add or update a field (using the field name and the item value) as per the examples above in steps 5.a and 5.b.
  The above example has four fields in the template, but the number of fields can vary from template to template.
- If you want to remove some field entries, you can use the fields array.
After completing the configuration instructions above, the Terraform executable directory should look like this:
The “Terraform Destroy” command internally calls the Delete resource function (dataSourceSecretDelete), which disables the secret in the Secret Server.