AWS aws_iam_access_key - Where/How to save the secret

RyanW8 · February 25, 2021, 4:51pm

Hey all,

So I’d like to manage our AWS IAM users using terraform. Part of this is creating users with programmatic access (Access Key & Secret Key). How would I accomplish this using terraform? I can use https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key

but where would it save the Access/Secret key? In the state file? Is it possible to save this elsewhere (I don’t want it to print to stdout as we run this in a pipeline).

Fairly new to terraform so help will be appreciated

stuart-c · February 25, 2021, 7:38pm

The community IAM module at GitHub - terraform-aws-modules/terraform-aws-iam: Terraform module which creates IAM resources on AWS can be used to wrap some of the common IAM functionality into easier to use methods.

One of the options for the aws_iam_access_key resource allows you to supply a PGP key. The access key is then returned as an encrypted string.

Alternatively you could store the values in Vault by using the Vault Terraform provider.

Note that if you are using the unencrypted secret key (i.e. are not passing in a PGP key to use) you must treat the state file with care as it will now contain all the cleartext keys - ensure access to your remote state is correctly restricted as well as handling of your local state cache.

Topic		Replies	Views
Terraform IAM secret key decode AWS	0	302	September 16, 2022
How to decrypt IAM user password using terraform AWS	0	764	December 15, 2021
Aws_iam_access_key with KMS Terraform	1	489	September 28, 2020
Handling SSH auth in Terraform Cloud Terraform	2	320	June 8, 2023
Where exactly do I put my AWS access key and secret key when using Terraform Cloud? AWS	1	4110	February 10, 2020

AWS aws_iam_access_key - Where/How to save the secret

Related topics