I am trying to setup GitHub Actions for execute a terraform template.
My confusion is - how do I provide *.tfvars file which has aws credentials. (I can’t check-in these files).
What’s the best practice to share the variable’s values expected by terraform commands like plan or apply where they need aws_access_key and aws_secret_key.
Here is my GitHub project - [https://github.com/samtiku/terraform-ec2](GitHub Project)
Can anybody help here.
I actually just setup my project today to do just that. I ended up having to slightly modify my main.tf but below is my current setup. I know it’s not using the shared creds file but hopefully this will help you and your project.
main.tf
provider "aws" {
region = "us-east-1"
access_key = var.AWS_ACCESS_KEY_ID
secret_key = var.AWS_SECRET_ACCESS_KEY
}
vars.tf
---output omitted---
variable "AWS_ACCESS_KEY_ID" {}
variable "AWS_SECRET_ACCESS_KEY" {}
---output omitted---
I use environment variables on my laptop which are both prepended with TF_VAR_ by Terraform standards when reading in variables.
Then I have my secrets prepended with TF_VAR_ on Github as well.
**github secrets**
TF_VAR_AWS_ACCESS_KEY_ID="mykeyid"
TF_VAR_AWS_SECRET_ACCESS_KEY="mykey"
Below is a snippet from my gitlab actions file using those secrets.
- name: 'Terraform Init'
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_working_dir: prod
tf_actions_version: 0.12.13
tf_actions_subcommand: 'init'
tf_actions_comment: true
env:
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
Hi @castironclay,
Thanks a ton.
Its resolved. I could successfully build now. 