Question: How to Use Private Key in Semaphore Terraform Without Storing It in Git?

[kovalroma]

Question

Hi everyone,

I'm integrating my Terraform script with Semaphore (Docker). My Terraform code provisions a VM in Oracle Cloud, and according to the documentation, I need to pass the private key path.

However, I don't want to store my private key in the Git repository. Since Terraform requires a path to the key, I’m unsure how to securely pass it in Semaphore.

Does anyone have a workaround for this?

Here is an example from my *.tfvars file

private_key_path    = "access_key.pem"

Thanks in advance!

[ramorous]

I've accomplished this by using our cloud secret/password server's API to pull the secrets I need per project including the ssh key for our local VCS. I first stored the username/password and used external to retrieve a token, then curl with said token to fetch all the secrets I need dynamically.

[kovalroma]

Ok, I mount host folder to the container with key. And then use it. Not sure is it correct solution but it works.