Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support HCL files #292

Open
sixfeetover opened this issue Jan 25, 2018 · 17 comments
Open

Support HCL files #292

sixfeetover opened this issue Jan 25, 2018 · 17 comments

Comments

@sixfeetover
Copy link

Would love to see support for HCL. HCL is used for a lot of configuration files as part of the Hashicorp stack (Vault, Terraform, etc).

@jvehent
Copy link
Contributor

jvehent commented Jan 26, 2018

We don't use HCL at Mozilla, so it's unlikely we'll write support for it. However, we're happy to help review patches from the community.

@negz
Copy link

negz commented Jan 27, 2018

Note that all HCL can be represented as JSON (i.e. you can configure at least Terraform using JSON rather than HCL). We use sops to decrypt JSON files and pass those to Terraform, i.e.:

terraform apply -var-file=<(sops -d secret.tfvars.json)

There are also some HCL to JSON (and vice versa) converters around that might help workaround this use case.

@carlpett
Copy link
Contributor

@sixfeetover @negz As another Terraform solution, I just created https://github.com/carlpett/terraform-sops, which lets you use a sops-encrypted file as a data source

@sixfeetover
Copy link
Author

@carlpett Oh, very clever 👍

@jvehent
Copy link
Contributor

jvehent commented Jun 21, 2018

This is awesome! @autrilla: could we host this under sops/terraform and add a use-case examples in the examples folder?

@autrilla
Copy link
Contributor

@jvehent yeah, that'd be great, as long as @carlpett is OK with having their work go in our repo.

@starkers
Copy link

I'd really like to use sops for .tfvars files specifically..

Although yes its perfectly possible to implement a fancy hcl2json > sops process its just ugly and because of json we loose the ability to put comments in etc..

@carlpett
Copy link
Contributor

@autrilla I'd be perfectly fine with that, but I think a better goal would be to have it hosted in the "official third-party" organization terraform-providers. That way, it'll be possible to download automatically, rather than doing a manual install.

@starkers I actually started off by looking at that, but found this approach seemed easier to use to me. But maybe I missed something! How was your intended workflow?

@negz
Copy link

negz commented Jun 25, 2018

@starkers Take a look at #292 (comment) - Terraform will happily load JSON encoded tfvars files.

From https://github.com/hashicorp/hcl:

The API for HCL allows JSON as an input so that it is also machine-friendly (machines can generate JSON instead of trying to generate HCL).

@autrilla
Copy link
Contributor

@carlpett yeah, that sounds better. Do you know what the process looks like to get it included there?

@so0k
Copy link

so0k commented Aug 3, 2018

@carlpett thanks for sharing, as we were already using mozilla/sops - your provider allows our infra team to easily git clone and terraform apply without having to worry about custom make rules or tfvars

I did have to do the following to get this working on OSX:

go get github.com/carlpett/terraform-sops
mv $GOPATH/bin/terraform-sops $HOME/.terraform.d/plugins/terraform-provider-sops

@abeluck
Copy link

abeluck commented Feb 1, 2019

@carlpett any progress on getting terraform-sops hosted with terraform-providers? What needs to be done to make that happen?

@carlpett
Copy link
Contributor

carlpett commented Feb 1, 2019

Thanks for poking on this @abeluck, I had let it slip for quite a while. Back when this discussion was started, the "Terraform Provider Development Program" was just about to start, and there was no clear way to enroll in it. I see now though that it is possible to sign up via a web form, so I'll get on it :)
If Hashicorp agrees it is useful, there will be a bit of reviewing and adapting things (mainly repo structure, I think) so they mesh well with their automation.

@binlab
Copy link

binlab commented Mar 14, 2020

It will be nice to have

@robertwe
Copy link

hi everyone, do we have any update on this issue?

@abeluck
Copy link

abeluck commented Jun 30, 2022

@robertwe

sops has no builtin support for HCL files.

If you're using terraform you can use @carlpett's terraform-provider-sops to load sops files (json or yaml) into terraform. It works very well.

Also shout out to terragrunt which lets you decrypt sops files as part of your terraform+terragrunt workflow.

@robertwe
Copy link

@abeluck thx for info. I'm aware of that. I also considered this option.
There is also a possibility to load yaml file directly in terraform.
The deal is I was searching for some super simple solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

10 participants