Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Python script to extract generated TLS certificates and keys from a Terraform state
import errno
import json
import os
import os.path
tf_state_path = os.path.join(os.path.dirname(__file__), "..", "terraform.tfstate")
tf_state_file = open(tf_state_path, 'rb')
tf_state = json.load(tf_state_file)
tf_state_file.close()
cert_output_path = os.path.join(os.path.dirname(__file__), "..", "certs")
root_resources = [mod["resources"] for mod in tf_state["modules"] if mod["path"] == ["root"]][0]
root_cert = root_resources["tls_self_signed_cert.root"]
root_cert_pem = root_cert["primary"]["attributes"]["cert_pem"]
issued_certs = {i: r for i, r in root_resources.iteritems() if r["type"] == "tls_locally_signed_cert"}
for resource_id, cert in issued_certs.iteritems():
name = resource_id[len("tls_locally_signed_cert."):]
attrs = cert["primary"]["attributes"]
cert_pem = attrs["cert_pem"]
cert_dir = os.path.join(cert_output_path, name)
try:
os.makedirs(cert_dir)
except OSError as exc:
if exc.errno == errno.EEXIST:
pass
else:
raise
cert_file = open(os.path.join(cert_dir, name + ".crt"), 'w')
cert_file.write(cert_pem)
cert_file.close()
cert_file = open(os.path.join(cert_dir, "ca.crt"), 'w')
cert_file.write(root_cert_pem)
cert_file.close()
cert_file = open(os.path.join(cert_dir, name + "-chained.crt"), 'w')
cert_file.write(cert_pem)
cert_file.write(root_cert_pem)
cert_file.close()
# If we also generated our own key for this certificate,
# (as opposed to just being given a CSR from elsewhere)
# then we'll write that out too, so we have all the
# information needed to configure a server.
if "tls_private_key." + name in root_resources:
key_resource = root_resources["tls_private_key." + name]
key_pem = key_resource["primary"]["attributes"]["private_key_pem"]
cert_file = open(os.path.join(cert_dir, name + ".key"), 'w')
cert_file.write(key_pem)
cert_file.close()
@alevikpes

This comment has been minimized.

Copy link

alevikpes commented Aug 16, 2017

Thanks for the article. It works for me great after minor changes. Also adapted your python code for Python3 here.

@mburns

This comment has been minimized.

Copy link

mburns commented Dec 5, 2018

fwiw, https://gist.github.com/alevikpes/546a7be292b51e08a8cf341d18475d64 is the corrected link for the python3 fork.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.