How to parse secrets from API connect server using Terraform?

meniem
Community Member

Hey team,

I've set up the API connect server and I'm able to interact with vaults/items programmatically using Postman (using the URL/Token).

However, our objective is to fetch the database password from the 1Password vault using Terraform. But I have spent a couple of hours trying to do this with no luck :(

Note that I set the environment variable: export OP_CONNECT_TOKEN="foobar123"

Here is my TF manifest:

terraform {
  required_providers {
    onepassword = {
      source  = "1Password/onepassword"
      version = "1.1.1"
    }
  }
}

provider "onepassword" {
  url = "http://1.2.3.4:8080"
  token = "foobar123"
}

data "onepassword_item" "db_pass" {
  vault = "j7so6s2gbfcjh...."
  uuid  = "sg3bh7h37rd....."
}

resource "aws_db_instance" "default" {
  allocated_storage    = 10
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t3.micro"
  name                 = "mydb"
  username             = "foo"
  password             = "${data.onepassword_item.db_pass.result}"
  parameter_group_name = "default.mysql5.7"
  skip_final_snapshot  = true
}

I got the below error:

password =  "${data.onepassword_item.example.result}"

This object has no argument, nested block, or exported attribute named "result". (Tried value as well, but didn't work out)

Appreciate your support on this, as we have 100s of DB prod passwords that should be managed by Terraform and they're saved in the 1Password vault.

Regards,



Comments

  • Hi,

    To access the password for a database item from the datasource you would want to use

    password =  "${data.onepassword_item.example.password}"
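
The answer applied to the manifest from the question, as an added example that is not part of the original thread or the provider's own code: it reads the `password` attribute and omits `token` from the provider block so the value comes from the `OP_CONNECT_TOKEN` environment variable the question already exports. The vault and item IDs stay truncated as posted, and the AWS arguments are copied from the question.

```hcl
terraform {
  required_providers {
    onepassword = {
      source  = "1Password/onepassword"
      version = "1.1.1"
    }
  }
}

# No token argument here: the provider reads it from the OP_CONNECT_TOKEN
# environment variable, so the Connect token stays out of version control.
provider "onepassword" {
  url = "http://1.2.3.4:8080" # Connect server address as given in the question
}

data "onepassword_item" "db_pass" {
  vault = "j7so6s2gbfcjh...." # truncated in the question; use the full vault UUID
  uuid  = "sg3bh7h37rd....."  # truncated in the question; use the full item UUID
}

resource "aws_db_instance" "default" {
  allocated_storage    = 10
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t3.micro"
  name                 = "mydb"
  username             = "foo"
  # The data source exports the item's password field as "password";
  # "result" and "value" are not attributes of onepassword_item.
  password             = data.onepassword_item.db_pass.password
  parameter_group_name = "default.mysql5.7"
  skip_final_snapshot  = true
}
```

Terraform writes the resolved password into its state file in plaintext, so the state backend needs the same access controls and encryption as the vault item. The Connect URL in the question is plain `http://`, which carries the bearer token and the returned secret unencrypted between Terraform and the Connect server.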
    
This discussion has been closed.