This is an example stack configuration for the private preview of Terraform Stacks. Language constructs and features are subject to change given feedback received during this preview. Do not use Stacks for production workloads at this time.
An example Terraform Stack that demonstrates pulling static credentials from Vault or HCP Vault (via OpenID Connect / Vault's JWT auth engine) for GitHub, to then provision a GitHub repository.
Two components are used:
- `secrets` uses a data-only module to connect to Vault/HCP Vault and retrieve a pre-populated, static GitHub token.
- `repositories` uses the token pulled from the `secrets` component to create a dummy GitHub repository.
We do not recommend using this example within production accounts. This example will incur [small] costs if provisioned. Please remember to destroy the infrastructure after using this example.
Prerequisites: You must have a Terraform Cloud account with access to the private preview of Terraform Stacks, a GitHub account, and an AWS account with Terraform Cloud configured as an OIDC identity provider. Details of all of this are found in the provided Stacks User Guide.
- Configure Vault authentication by configuring Vault's JWT auth engine and a role with a trust policy allowing the role to be assumed by Terraform Cloud. More details on this step can be found in the Stacks User Guide.
- Fork this repository to your own GitHub account, such that you can edit this stack configuration for your purposes.
- Edit your forked stack configuration and change `deployments.tfdeploy.hcl` to use the correct values.
- Create a new stack in Terraform Cloud and connect it to your forked configuration repository.
- Provision away!
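
One way to express the Vault side of the JWT step in Terraform, as an added example that is not part of this repository: it uses the hashicorp/vault provider (assumed to be configured already) to create the auth mount, a read-only policy, and a role bound to a single stack. The organization, project and stack names, the audience, the KV path and the `sub` claim layout are assumptions to check against the Stacks User Guide.

```hcl
# Assumed inputs: replace with your own Terraform Cloud names.
variable "tfc_organization" { type = string }
variable "tfc_project" { type = string }
variable "tfc_stack" { type = string }

# JWT auth mount that validates tokens against Terraform Cloud's OIDC
# discovery document and rejects tokens from any other issuer.
resource "vault_jwt_auth_backend" "tfc" {
  path               = "jwt"
  oidc_discovery_url = "https://app.terraform.io"
  bound_issuer       = "https://app.terraform.io"
}

# Read-only policy limited to the one secret holding the static GitHub token.
# "secret/data/github" is an assumed KV v2 path.
resource "vault_policy" "github_token_read" {
  name   = "stacks-github-token-read"
  policy = <<-EOT
    path "secret/data/github" {
      capabilities = ["read"]
    }
  EOT
}

# Role the stack logs in with. The bound claims are the trust boundary.
resource "vault_jwt_auth_backend_role" "stacks" {
  backend   = vault_jwt_auth_backend.tfc.path
  role_name = "stacks-github"
  role_type = "jwt"

  # Must equal the audience the stack requests for its identity token
  # (assumed value shown here).
  bound_audiences = ["vault.workload.identity"]

  # Assumed subject layout for Stacks runs. Pin organization, project and
  # stack; a pattern that stops at "organization:<name>:*" would let every
  # stack and workspace in the organization read the token.
  bound_claims_type = "glob"
  bound_claims = {
    sub = "organization:${var.tfc_organization}:project:${var.tfc_project}:stack:${var.tfc_stack}:*"
  }

  user_claim     = "sub"
  token_policies = [vault_policy.github_token_read.name]
  token_ttl      = 1200 # seconds; keep short, the token is needed only during a run
}
```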