Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Terraform Cookbook

You're reading from   Terraform Cookbook Efficiently define, launch, and manage Infrastructure as Code across various cloud platforms

Arrow left icon
Product type Paperback
Published in Oct 2020
Publisher Packt
ISBN-13 9781800207554
Length 366 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Mikael Krief Mikael Krief
Author Profile Icon Mikael Krief
Mikael Krief
Arrow right icon
View More author details
Toc

Table of Contents (10) Chapters Close

Preface 1. Setting Up the Terraform Environment 2. Writing Terraform Configuration FREE CHAPTER 3. Building Dynamic Environments with Terraform 4. Using the Terraform CLI 5. Sharing Terraform Configuration with Modules 6. Provisioning Azure Infrastructure with Terraform 7. Deep Diving into Terraform 8. Using Terraform Cloud to Improve Collaboration 9. Other Books You May Enjoy

Generating passwords with Terraform

When provisioning infrastructure with Terraform, there are some resources that require passwords in their properties, such as VMs and databases.

To ensure better security by not writing passwords in clear text, you can use a Terraform provider, which allows you to generate passwords.

In this recipe, we will discuss how to generate a password with Terraform and assign it to a resource.

Getting ready

In this recipe, we need to provision a VM in Azure that will be provisioned with an administrator password generated dynamically by Terraform.

To do this, we will base ourselves on an already existing Terraform configuration that provisions a VM in Azure.

The source code for this recipe is available at https://github.com/PacktPublishing/Terraform-Cookbook/tree/master/CHAP02/password.

How to do it…

Perform the following steps:

  1. In the Terraform configuration file for the VM, add the following code:
resource "random_password" "password" {
length = 16
special = true
override_special = "_%@"
}
  1. Then, in the code of the resource itself, modify the password property with the following code:
resource "azurerm_virtual_machine" "myterraformvm" {
name = "myVM"
location = "westeurope"
resource_group_name = azurerm_resource_group.myterraformgroup.name
network_interface_ids = [azurerm_network_interface.myterraformnic.id]
vm_size = "Standard_DS1_v2"
....
os_profile {
computer_name = "vmdemo"
admin_username = "admin"
admin_password = random_password.password.result
}
....
}

How it works…

In step 1, we added the Terraform random_password resource from the random provider, which allows us to generate strings according to the properties provided. These will be sensitive, meaning that they're protected by Terraform.

Then, in step 2, we used its result (with the result property) in the password property of the VM.

The result of executing the terraform plan command on this code can be seen in the following screenshot:

As we can see, the result is sensitive value.

Please note that the fact a property is sensitive in Terraform means that it cannot be displayed when using the Terraform plan and apply commands in the console output display.

On the other hand, it will be present in clear text in the Terraform state file.

See also

You have been reading a chapter from
Terraform Cookbook
Published in: Oct 2020
Publisher: Packt
ISBN-13: 9781800207554
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image