Hi,
Is there any way to specify which credentials to use when retrieving a module from a private module registry, which is CI/CD friendly? Something that doesn’t involve a CLI Configuration File, or an interactive terraform login.
Something like:
terraform login -token="TOKEN.atlasv1.TOKEN"
Which is the best practice, of retrieving modules, from a private module registry during a terraform init in CI/CD (this case Azure Pipelines)? Since a CLI Configuration File isn’t optimal in a CI/CD system and so isn’t terraform login, because it’s interactive.
If the answer still is a CLI Configuration File, how should it then be implemented to accept parameter values etc? Without the need to create a file on the machine during build time and replace text in that one (or any other incidence in a way similiar of this). That seems a bit “workaround-ish”, and not very clean.
As always thankful for all input!
Best regards
Hi @aleqsss,
I think the best answer with Terraform’s current features is to generate a temporary CLI configuration file that lives within the workspace of your current CI job and then use the TF_CLI_CONFIG_FILE environment variable to make Terraform read that file instead of the default CLI configuration.
That does involve generating a file, but generating files is something we tend to expect automation to be able to do, similarly to generating backend configuration files and .tfvars files.
Terraform doesn’t have built-in features for templating the CLI configuration file because there are numerous existing solutions for generating files from templates, including – for simple cases like this – shell interpolation.
Thank you for your informative reply @apparentlymart. I’ll take in consideration the current “limitations” of Terraform in this manner.
Good to know what’s possible and not, when implementing the workflow.
Best regards
