Terraforming, with a little help from your friends
At present, it offers the following:
Encryption & decryption functionality. Run in either full or inline mode, and leveraging either a simple or Vault based encryption provider, this functionality provides the ability to encrypt and decrypt files such as terraform.tfstate files, as well as piped in output from commands such as terraform apply etc.
Masking functionality. If you don't want to encrypt sensitive data, but rather just mask it out with something like ***** then you can use the mask command instead. This can either be run over a file, or have the content piped into it.
For more details, and some examples of how to use it please see the example READMEs.
Additionally the blog post Securing Terraform State with Vault also provides more details and background as well.
NAME: terrahelp - Provides additional functions helpful with terraform development USAGE: terrahelp [global options] command [command options] [arguments...] VERSION: X.X.X AUTHOR(S): https://github.com/opencredo OpenCredo - Nicki Watt COMMANDS: vault-autoconfig Auto configures Vault with a basic setup to support encrypt and decrypt actions. encrypt Uses configured provider to encrypt specified content decrypt Uses configured provider to decrypt specified content mask Mask will overwrite sensitive data in output or files with a masked value (eg. ******). help, h Shows a list of commands or help for one command GLOBAL OPTIONS: --help, -h show help --version, -v print the version
Install using Homebrew:
brew install terrahelp terrahelp -v
Manual Installation Using the Pre-Built Binaries
Available from the Terrahelp repository's releases page
The community has also made it available as a Terrahelp AUR package
macOS, Linux & *BSD
Download a binary, set the correct permissions, add to your PATH:
chmod +x terrahelp export PATH=$PATH:/wherever/terrahelp
And run it:
macOS Additional Step
terrahelp may be prevented from running if you downloaded it using a web browser. To fix this, remove the quarantine attribute before running again:
xattr -d com.apple.quarantine terrahelp
Not yet supported
Build from source
Install Go (Terrahelp is currently built against 1.16.x). The following official resources will guide you through your environment setup.
Clone the Terrahelp repository.
mkdir -p "$GOPATH/src/github.com/opencredo/" git clone https://github.com/opencredo/terrahelp.git "$GOPATH/src/github.com/opencredo/terrahelp" cd "$GOPATH/src/github.com/opencredo/terrahelp"
Terrahelp uses Go modules to manage it's dependencies. During Go's transition to switching on modules by default, Terrahelp is setup to buildusing the vendor directory. Supportive targets are prvoided to allow the vendor directory to be recreated if required.
Building and Executing
After a build has completed successfully a binary will be built and placed into a local bin directory. The following commands build and execute terrahelp.
make build ./bin/terrahelp -v
Installing and Executing
Installation places the binary in the
$GOPATH/bin directory. Assuming that the directory has been added to your
PATH, the following commands will install and execute Terrahelp.
make install terrahelp -v
Want to cross compile it?
The make file allows both OSX and Linux binaries to be created at the same time or individually.
The following commands show joint creation followed by OSX, (darwin) then Linux creation. All cross compiled binaries will be placed in a
make dist make darwin make linux
Clean your project
A number of work directories will have been created through the previous build steps. The local
dist directories will contain binaries.
The following command can be used to return the project back to a pre build state.
The following targets have been created to allow dependencies to be managed through Go modules. As mentioned before Terrahelp builds using the vendor directory.
- Downloads the dependencies to the Go modules cache.
- Adds missing and removes unused modules.
- Copies the dependencies into the local vendor directory.
- Removes the local vendor directory.
NOTE: The Makefile defines a variable called
BUILDARGS and this is currently set with
-mod=vendor. This instructs various go commands to use the vendor directory. This can be overridden to build to project using standard go module flows.
BUILDARGS='' make build
NOTE: This step should be performed after a new version of
terrahelp has been released.
Follow the instructions outlined in Submit a new version of an existing formula to update the version of
terrahelp installed by Brew.
For reference, the formula can be viewed in the homebrew-core repository here.