I ran into an issue: I did not find any good documentation on how to keep the backend configuration or the access_key of Terraform out of the source code.

Is this the best way?: HashiCorp Terraform Remote State and Azure

Does anyone have a great solution for it?

backend "azurerm" {
  resource_group_name  = "tfstate"
  storage_account_name = "<storage_account_name>"
  container_name       = "tfstate"
  key                  = "terraform.tfstate"
  access_key           = "value" # This is a bad value to expose
}

Have a good day.

2 Answers


  1. You can leverage TF_VAR_name

    Environment variables can be used to set variables. The environment variables must be in the format TF_VAR_name and this will be checked last for a value.

    So you need to create a variable "access_key", then set the environment variable TF_VAR_access_key and assign your access key to it.

    Your Terraform code will be:

    backend "azurerm" {
      resource_group_name  = "tfstate"
      storage_account_name = "<storage_account_name>"
      container_name       = "tfstate"
      key                  = "terraform.tfstate"
      access_key           = var.access_key
    }
    

    and your pipeline:

    - bash: |
         # run terraform here
      env:
        TF_VAR_access_key: $(access_key) 
    

    access_key should be stored as a secret in a variable group, or loaded from Key Vault.

  2. Have you tried the HashiCorp offering called Vault, specially designed to take care of secrets, identity and other sensitive information?
    Official website:
    https://www.vaultproject.io/
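
Added example, not part of either answer above: Terraform does not accept input variables inside a `backend` block, so one working pattern is to leave `access_key` out of the block and let the azurerm backend read it from the `ARM_ACCESS_KEY` environment variable. The script below is a pipeline step that fails when a literal backend credential is committed in a `.tf` file and then runs `terraform init` with only non-secret settings; the function names and the five-argument calling convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumption: the pipeline maps its secret variable to ARM_ACCESS_KEY,
# which the azurerm backend reads when access_key is absent from the block.

# Print "file:line" for every *.tf line under $1 that assigns a quoted
# literal to an azurerm backend credential argument. The matched text is
# never printed, so the secret does not end up in the build log.
# Returns 0 if anything was found, 1 if the tree is clean.
find_hardcoded_backend_secrets() {
  _hits=$(grep -rnE --include='*.tf' \
    '^[[:space:]]*(access_key|sas_token|client_secret)[[:space:]]*=[[:space:]]*"[^"]+"' \
    "$1" | cut -d: -f1,2)
  if [ -n "$_hits" ]; then
    printf '%s\n' "$_hits"
    return 0
  fi
  return 1
}

# Initialise the backend; only non-secret settings appear on the command line.
# Arguments: resource group, storage account, container, state key.
init_backend() {
  if [ -z "${ARM_ACCESS_KEY:-}" ]; then
    echo "ARM_ACCESS_KEY is not set; refusing to run terraform init" >&2
    return 2
  fi
  terraform init -input=false \
    -backend-config="resource_group_name=$1" \
    -backend-config="storage_account_name=$2" \
    -backend-config="container_name=$3" \
    -backend-config="key=$4"
}

# Pipeline entry point: $1 is the Terraform directory, $2..$5 as above.
run_pipeline_step() {
  if find_hardcoded_backend_secrets "$1"; then
    echo "hard-coded backend credential at the locations above" >&2
    return 1
  fi
  init_backend "$2" "$3" "$4" "$5"
}

# Run only when called with the five expected arguments.
if [ "$#" -eq 5 ]; then
  run_pipeline_step "$@"
fi
```

In the pipeline from answer 1, the `env:` mapping would then set `ARM_ACCESS_KEY` instead of `TF_VAR_access_key`, with the value still coming from a secret variable or Key Vault.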
