Boundary Terraform Provider

Hello,

I need to create resources in Boundary using Terraform. I’ve been using the Boundary provider in Terraform and, up to this point, have used admin password and token for authentication. However, I understand that these tokens have a lifespan of only 7 days, which isn’t ideal for my needs.

I’m exploring more permanent solutions for authenticating the Boundary provider with Terraform. I’m looking for a method that is both secure and sustainable over a longer period.

Thank you in advance!

Hello,

We’ve begun preliminary work on “app tokens” which should solve this problem holistically, including the ability to set a future expiration time of up to three years. With that said, there isn’t a release date for the feature at this point and it will be quite some time before it’s ready.

In the meantime, your current use of password auth for the TF provider is the best path forward. Each time the provider connects, it will get a new auth token for the TF run.

Thank you for the reply.

If I only use password without supplying token in provider resource, I get `{"kind":"Unauthenticated","message":"Unauthenticated, or invalid token."}`

Here is what my provider looks like:

provider "boundary" {
  addr                   = "myboundary_address"
  auth_method_login_name = "admin"
  auth_method_password   = var.boundary_password
  auth_method_id         = "{auth_method_id}"
}

I checked roles for this admin account and it has full access. It will work if I supply the outputted token from the CLI when logging in as admin user and password as below.

provider "boundary" {
  addr                   = "myboundary_address"
  auth_method_login_name = "admin"
  auth_method_password   = var.boundary_password
  auth_method_id         = "{auth_method_id}"
  token                  = "{outputted_token_from_cli}"
}

What am I missing here?

@lucardcoder you don’t need any token here.
Just `auth_method_login_name = "admin"` and `auth_method_password = var.boundary_pass` works for me.

If you’re using the Community edition, you can also use the recovery KMS method which authenticates per-call so it never has an expiration issue.
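The two non-expiring options from this thread side by side, as an added example that is not from any of the participants or from the provider's own documentation: the address, auth method ID and variable names are placeholders, and the `recovery_kms_hcl` attribute with its `kms "aead"` block is assumed from the provider's recovery-KMS support.

```hcl
# Option 1 (default provider): password auth with no static token. The provider
# logs in at the start of every run and gets a fresh auth token, so the 7-day
# token lifetime never matters to Terraform. Scope the login's roles to what the
# Terraform code actually manages rather than reusing the global admin.
provider "boundary" {
  addr                   = "https://boundary.example.com:9200" # placeholder
  auth_method_id         = "ampw_PLACEHOLDER"                  # placeholder
  auth_method_login_name = "terraform"                         # placeholder login
  auth_method_password   = var.boundary_password               # never hard-code
}

# Option 2 (Community edition, aliased): recovery KMS. Each API call is
# authenticated with the recovery key, so nothing expires. The key bypasses all
# role checks, so treat it as a break-glass credential: inject it from a secret
# store at plan/apply time and keep it out of state and version control.
provider "boundary" {
  alias            = "recovery"
  addr             = "https://boundary.example.com:9200" # placeholder
  recovery_kms_hcl = <<-EOT
    kms "aead" {
      purpose   = "recovery"
      aead_type = "aes-gcm"
      key       = "${var.boundary_recovery_key}" # base64 32-byte key (placeholder var)
      key_id    = "global_recovery"
    }
  EOT
}

variable "boundary_password" {
  type      = string
  sensitive = true
}

variable "boundary_recovery_key" {
  type      = string
  sensitive = true
}

# Resources use the password provider by default; opt in to the recovery
# provider explicitly and only where the broader access is really required.
resource "boundary_scope" "org" {
  provider                 = boundary.recovery
  scope_id                 = "global"
  name                     = "platform"
  auto_create_admin_role   = true
  auto_create_default_role = true
}
```

Supply both variables with `TF_VAR_boundary_password` / `TF_VAR_boundary_recovery_key` from your secret manager so neither value lands in `.tfvars` files checked into the repo.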