{"id":12,"date":"2023-06-06T05:35:55","date_gmt":"2023-06-06T05:35:55","guid":{"rendered":"https:\/\/www.digitalray.com\/blog\/?p=12"},"modified":"2023-06-06T05:48:17","modified_gmt":"2023-06-06T05:48:17","slug":"securing-terraform-secrets-with-vault-v1-secret-store-using-ldap-authentication","status":"publish","type":"post","link":"https:\/\/www.digitalray.com\/blog\/securing-terraform-secrets-with-vault-v1-secret-store-using-ldap-authentication\/","title":{"rendered":"Securing Terraform Secrets with Vault v1 Secret Store Using LDAP authentication"},"content":{"rendered":"\n<p>Sometimes you have a Vault server where the only authentication option is an LDAP user name and password. Here we demonstrate how you can use your LDAP authentication to pull Vault secrets into Terraform. Note: The following code fetches a v1 secret from Vault.<\/p>\n\n\n\n<p><em>Vault provider used with an LDAP username and password in Terraform to get a v1 secret<\/em><br><strong>main.tf<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>terraform {\n  required_providers {\n    vault = {\n      source  = \"hashicorp\/vault\"\n      version = \"&gt;= 3.15.0\"\n    }\n  }\n}\n\n# Vault provider authenticating with an LDAP username and password\nprovider \"vault\" {\n  address          = \"https:\/\/vault.localhost\"\n  skip_child_token = true\n\n  auth_login {\n    path       = \"auth\/ldap\/login\/${var.VAULT_USER}\"\n    parameters = { password = var.VAULT_PASSWORD }\n  }\n}\n\ndata \"vault_generic_secret\" \"secret\" {\n  path = \"kv-v1\/full\/path\/to\/secret\/store\"\n}\n\n# Use in code via data.vault_generic_secret.secret.data&#91;\"some_key\"]<\/code><\/pre>\n\n\n\n<p><strong>variables.tf<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>variable \"VAULT_PASSWORD\" {\n  type        = string\n  sensitive   = true # redacts the value in plan and apply output\n  description = \"Vault LDAP password, supplied through the TF_VAR_VAULT_PASSWORD environment variable\"\n}\n\nvariable \"VAULT_USER\" {\n  type        = string\n  description = \"Vault LDAP user, supplied through the TF_VAR_VAULT_USER environment variable\"
\n}<\/code><\/pre>\n\n\n\n<p><strong>env_vars.sh<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>export TF_VAR_VAULT_USER=username\nexport TF_VAR_VAULT_PASSWORD=somepassword\nexport VAULT_SKIP_VERIFY=1 # Only if the Vault TLS cert is self-signed; this disables certificate verification<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes you have a Vault server where the only authentication option is an LDAP user name and password. Here we demonstrate how you can use your LDAP authentication to pull Vault secrets into Terraform. Note: The following code fetches a v1 secret from Vault. Vault provider used with an LDAP username and password in Terraform to &hellip; <a href=\"https:\/\/www.digitalray.com\/blog\/securing-terraform-secrets-with-vault-v1-secret-store-using-ldap-authentication\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Securing Terraform Secrets with Vault v1 Secret Store Using LDAP authentication&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,5],"tags":[],"_links":{"self":[{"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/posts\/12"}],"collection":[{"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/comments?post=12"}],"version-history":[{"count":2,"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/posts\/12\/revisions"}],"predecessor-version":[{"id":14,"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/posts\/12\/revisions\/14"}],"wp:attachment":[{"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/media?parent=12"}],"wp:term":[{"taxonomy":"category","embedda
ble":true,"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/categories?post=12"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.digitalray.com\/blog\/wp-json\/wp\/v2\/tags?post=12"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}