GitHub Actions to deploy Terraform

I am trying to setup GitHub Actions for execute a terraform template.

My confusion is - how do I provide *.tfvars file which has aws credentials. (I can’t check-in these files).

What’s the best practice to share the variable’s values expected by terraform commands like plan or apply where they need aws_access_key and aws_secret_key.

Here is my GitHub project - [https://github.com/samtiku/terraform-ec2](GitHub Project)

Can anybody help here.

1 Like

I actually just setup my project today to do just that. I ended up having to slightly modify my main.tf but below is my current setup. I know it’s not using the shared creds file but hopefully this will help you and your project.
main.tf

provider "aws" {
  region     = "us-east-1"
  access_key = var.AWS_ACCESS_KEY_ID
  secret_key = var.AWS_SECRET_ACCESS_KEY
}

vars.tf

---output omitted---
variable "AWS_ACCESS_KEY_ID" {}
variable "AWS_SECRET_ACCESS_KEY" {}
---output omitted---

I use environment variables on my laptop which are both prepended with TF_VAR_ by Terraform standards when reading in variables.

Then I have my secrets prepended with TF_VAR_ on Github as well.

**github secrets**
TF_VAR_AWS_ACCESS_KEY_ID="mykeyid"
TF_VAR_AWS_SECRET_ACCESS_KEY="mykey"

Below is a snippet from my gitlab actions file using those secrets.

     - name: 'Terraform Init'
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_working_dir: prod
          tf_actions_version: 0.12.13
          tf_actions_subcommand: 'init'
          tf_actions_comment: true
        env:
          TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
1 Like

Hi @castironclay,

Thanks a ton.
Its resolved. I could successfully build now. :slight_smile:

1 Like