Pull SPN creds(id, secret, tenant id, sub id)

I am trying to pull secrets stored in az kv for the TF SPN I would like to use to authenticate to TFE. I get cycle dependency errors: "Error: Cycle: data.azurerm_key_vault_secret.sub-id,…"
Is this even possible? If not, any suggestions?

```hcl
# Azure Vault data
data "azurerm_key_vault" "kv" {
  name                = "akv-terraform"
  resource_group_name = "terraform"
}

# from azure vault
data "azurerm_key_vault_secret" "cl-id" {
  name         = "CLIENT-ID"
  key_vault_id = data.azurerm_key_vault.kv.id
}

# from azure vault
data "azurerm_key_vault_secret" "cl-sec" {
  name         = "CLIENT-SECRET"
  key_vault_id = data.azurerm_key_vault.kv.id
}

# from azure vault
data "azurerm_key_vault_secret" "sub-id" {
  name         = "SUBSCRIPTION-ID"
  key_vault_id = data.azurerm_key_vault.kv.id
}

# Fetch secret from azure vault
data "azurerm_key_vault_secret" "tenant-id" {
  name         = "TENANT-ID"
  key_vault_id = data.azurerm_key_vault.kv.id
}

# Azure Provider, new creds used
provider "azurerm" {
  features {}

  subscription_id = data.azurerm_key_vault_secret.sub-id.value
  client_id       = data.azurerm_key_vault_secret.cl-id.value
  client_secret   = data.azurerm_key_vault_secret.cl-sec.value
  tenant_id       = data.azurerm_key_vault_secret.tenant-id.value
}

# TFE
terraform {
  #provid
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.62.0"
    }
  }
}
```

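The cycle comes from configuring the only `azurerm` provider with values that can only be read through that same provider. A cycle-free layout, added here as an example and not taken from the original post: configure the default provider from the `ARM_*` environment variables (set as sensitive environment variables in the TFE workspace), read the Key Vault secrets with it, and hand them to a second, aliased configuration of the provider. The alias name `target` and the sample resource are assumptions; the vault and secret names are the ones from the post.

```hcl
# Bootstrap provider: credentials come from ARM_CLIENT_ID, ARM_CLIENT_SECRET,
# ARM_TENANT_ID and ARM_SUBSCRIPTION_ID in the environment, so no cycle exists.
provider "azurerm" {
  features {}
}

data "azurerm_key_vault" "kv" {
  name                = "akv-terraform"
  resource_group_name = "terraform"
}

# These lookups run under the bootstrap identity (default provider above).
data "azurerm_key_vault_secret" "cl-id" {
  name         = "CLIENT-ID"
  key_vault_id = data.azurerm_key_vault.kv.id
}

data "azurerm_key_vault_secret" "cl-sec" {
  name         = "CLIENT-SECRET"
  key_vault_id = data.azurerm_key_vault.kv.id
}

data "azurerm_key_vault_secret" "sub-id" {
  name         = "SUBSCRIPTION-ID"
  key_vault_id = data.azurerm_key_vault.kv.id
}

data "azurerm_key_vault_secret" "tenant-id" {
  name         = "TENANT-ID"
  key_vault_id = data.azurerm_key_vault.kv.id
}

# Second configuration of the same provider, fed from the fetched secrets.
# The alias name "target" is an assumption for this example.
provider "azurerm" {
  alias           = "target"
  features {}
  subscription_id = data.azurerm_key_vault_secret.sub-id.value
  client_id       = data.azurerm_key_vault_secret.cl-id.value
  client_secret   = data.azurerm_key_vault_secret.cl-sec.value
  tenant_id       = data.azurerm_key_vault_secret.tenant-id.value
}

# Resources that should run as the Key Vault SPN select the aliased provider.
resource "azurerm_resource_group" "example" {
  provider = azurerm.target
  name     = "rg-example" # constructed sample name
  location = "westeurope"
}
```

The bootstrap identity only needs permission to read secrets from `akv-terraform`; everything else is done by the SPN whose credentials live in the vault.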

It is not possible because there are no credentials to access the key vault. You must hardcode the creds.