A Terraform credentials helper for 1Password.
Credentials helpers offer an alternative approach that allows you to customize how Terraform obtains credentials using an external program, which can then directly access an existing secrets management system in your organization.
- Requires jq to be installed.
- Requires 1Password CLI to be installed and logged in to your account.
op signin
- Download the
terraform-credentials-opfile from this repository, and copy it to your global plugins path~/.terraform.d/plugins.
# Run the following in a Bourne compatible shell (Linux and MacOS):
mkdir -p ~/.terraform.d/plugins/ && \
wget https://raw.githubusercontent.com/razorsedge/terraform-credentials-op/main/terraform-credentials-op \
-O ~/.terraform.d/plugins/terraform-credentials-op && \
chmod +x ~/.terraform.d/plugins/terraform-credentials-op
- Edit your Terraform CLI configuration to enable the helper:
# Run the following in a Bourne compatible shell (Linux and MacOS):
echo "credentials_helper "op" {}" >>~/.terraformrc
- Use
terraform loginto create a Terraform Cloud token and store it in your keychain.
$ terraform login
Terraform will request an API token for app.terraform.io using your browser.
If login is successful, Terraform will store the token in the configured
"op" credentials helper for use by subsequent commands.
Do you want to proceed?
Only 'yes' will be accepted to confirm.
Enter a value: yes
---------------------------------------------------------------------------------
Terraform must now open a web browser to the tokens page for app.terraform.io.
If a browser does not open this automatically, open the following URL to proceed:
https://app.terraform.io/app/settings/tokens?source=terraform-login
---------------------------------------------------------------------------------
Generate a token using your browser, and copy-paste it into this prompt.
Terraform will store the token in the configured "op" credentials helper
for use by subsequent commands.
Token for app.terraform.io:
Enter a value:
Retrieved token for user xxxxxx
---------------------------------------------------------------------------------
-
----- -
--------- --
--------- - -----
--------- ------ -------
------- --------- ----------
---- ---------- ----------
-- ---------- ----------
Welcome to Terraform Cloud! - ---------- -------
--- ----- ---
Documentation: terraform.io/docs/cloud -------- -
----------
----------
---------
-----
-
New to TFC? Follow these steps to instantly apply an example configuration:
$ git clone https://github.com/hashicorp/tfc-getting-started.git
$ cd tfc-getting-started
$ scripts/setup.sh
- You can remove the stored token with
terraform logout.
$ terraform logout
Removing the stored credentials for app.terraform.io from the configured
"op" credentials helper.
Success! Terraform has removed the stored API token for app.terraform.io.