Remote execution with oci provider

Hi,

I am trying to make Terraform Cloud work with the OCI provider in remote execution mode.
Existing examples for the AWS provider handle authentication with variables in the Terraform Cloud workspace (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY stored as text).

The OCI provider needs an API key to authenticate the user; usually the path to the private key is declared in the provider block. Obviously the remote execution does not work as it can't find the private key file associated with the user: this file lives only on the user's workstation by default.

It is not clear to me whether other cloud providers are supported in remote execution mode, and if they are, I would like to know the best approach to configuring the OCI provider with Terraform Cloud remote backend execution.

Hello!

Any provider can be used with remote execution, indeed! You’ve correctly identified that providing the private_key_path does not work, as this path does not exist when execution is being done remotely in Terraform Cloud (as opposed to your local machine).

Instead, you should configure a sensitive workspace variable in Terraform Cloud with your key and directly reference the key in your OCI provider block via private_key. The key is then stored safely in Terraform Cloud and used in your remote execution (invoked from your local command line!).

Hope that helps!

1 Like
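
The setup described in the reply above, as an added example that is not part of the original posts: the OCI provider takes the key text from a sensitive workspace variable via private_key instead of reading a local file via private_key_path. The variable names and the commented-out path are hypothetical, and `sensitive = true` assumes Terraform 0.14 or later.

```hcl
# Hypothetical variable names. Set each one as a workspace variable in
# Terraform Cloud (category "Terraform"), with oci_private_key marked Sensitive.
variable "tenancy_ocid" { type = string }
variable "user_ocid"    { type = string }
variable "fingerprint"  { type = string }
variable "region"       { type = string }

variable "oci_private_key" {
  description = "PEM contents of the OCI API signing key (not a file path)."
  type        = string
  sensitive   = true # redacts the value in plan/apply output

  # Fail early if a file path or a truncated paste was supplied instead of the PEM text.
  validation {
    condition     = can(regex("^-----BEGIN [A-Z ]*PRIVATE KEY-----", trimspace(var.oci_private_key)))
    error_message = "The oci_private_key value must contain the PEM key text, starting with a BEGIN ... PRIVATE KEY line."
  }
}

provider "oci" {
  tenancy_ocid = var.tenancy_ocid
  user_ocid    = var.user_ocid
  fingerprint  = var.fingerprint
  region       = var.region

  # Before: resolves only on the workstation, so a remote run cannot find the file.
  # private_key_path = "~/.oci/oci_api_key.pem" # constructed example path

  # After: key material comes from the sensitive workspace variable.
  private_key = var.oci_private_key
}
```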

Great. Thank you for confirming that there is no limitation related to the provider. Being fairly new to the remote backend, and as the documentation does not explicitly state that it works with all supported providers, I started wondering about that.

Will try the sensitive workspace variable + private_key instead of private_key_path and let you know!