@hrmsk66
Created January 20, 2024 08:29
Templating VCL in Terraform to Avoid Embedding Secrets

1. Define Terraform Variables

We'll use AWS credentials in this example.

variables.tf

variable "aws_access_key" {
  description = "AWS Access Key"
  type        = string
  sensitive   = true
}

variable "aws_secret_key" {
  description = "AWS Secret Key"
  type        = string
  sensitive   = true
}

2. Templatize VCL Snippet

Use the ${...} syntax as placeholders for variables. The placeholder names don't have to match the Terraform variable names, but I've reused names like aws_access_key here for clarity.

vcl/secrets.vcl

declare local var.awsAccessKey STRING;
declare local var.awsSecretKey STRING;

set var.awsAccessKey = "${aws_access_key}";
set var.awsSecretKey = "${aws_secret_key}";

3. Use templatefile in the Snippet Block

main.tf

locals {
  domain = "i-want-to-hide-secrets.global.ssl.fastly.net"
}

resource "fastly_service_vcl" "service" {
  name = local.domain

  // ... Other configuration ...

  snippet {
    content  = templatefile("${path.module}/vcl/secrets.vcl", {
      aws_access_key = var.aws_access_key
      aws_secret_key = var.aws_secret_key
    })
    name     = "secrets"
    type     = "recv"
    priority = 100
  }

  force_destroy = true
}

4. Apply Configuration with Variables

terraform apply -var="aws_access_key=xxx" -var="aws_secret_key=yyy"
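
A check that could run before commit to confirm the template from steps 1 and 2 carries only placeholders, and that each placeholder is backed by a variable marked `sensitive`. This is an added example, not part of the original gist. It assumes placeholder names match the Terraform variable names (the convention used above) and that variable blocks are flat; the function names and sample strings are constructed for illustration.

```python
import re

# Terraform template interpolation ${name}; "$${" is an escaped literal, so skip it.
PLACEHOLDER = re.compile(r"(?<!\$)\$\{\s*([A-Za-z_][A-Za-z0-9_-]*)\s*\}")
# Flat variable blocks as on this page (no nested braces such as validation {}).
VARIABLE = re.compile(r'variable\s+"([^"]+)"\s*\{([^{}]*)\}')
SENSITIVE = re.compile(r"^\s*sensitive\s*=\s*true\s*$", re.MULTILINE)
# VCL assignment of a quoted string: set var.name = "value";
VCL_SET = re.compile(r'set\s+(var\.\w+)\s*=\s*"([^"]*)"\s*;')

def sensitive_variables(tf_source):
    """Map each declared variable name to whether it is marked sensitive."""
    return {name: bool(SENSITIVE.search(body))
            for name, body in VARIABLE.findall(tf_source)}

def lint_template(vcl_template, tf_source):
    """Return findings for a secrets template; an empty list means it passes."""
    declared = sensitive_variables(tf_source)
    findings = []
    for target, value in VCL_SET.findall(vcl_template):
        names = PLACEHOLDER.findall(value)
        if value and not names:
            findings.append(f"{target}: literal value committed in template")
        for name in names:
            if name not in declared:
                findings.append(f"{target}: ${{{name}}} has no variable block")
            elif not declared[name]:
                findings.append(f"{target}: variable {name} is not marked sensitive")
    return findings

# Constructed sample input: aws_secret_key deliberately lacks sensitive = true.
VARIABLES_TF = '''
variable "aws_access_key" {
  type      = string
  sensitive = true
}
variable "aws_secret_key" {
  type = string
}
'''
GOOD_VCL = 'set var.awsAccessKey = "${aws_access_key}";'
BAD_VCL = '''
set var.awsAccessKey = "EXAMPLE-NOT-A-REAL-KEY";
set var.awsSecretKey = "${aws_secret_key}";
set var.awsToken = "${aws_session_token}";
'''

if __name__ == "__main__":
    for finding in lint_template(BAD_VCL, VARIABLES_TF):
        print(finding)
```

The check covers only what is committed to the repository. The rendered snippet content, including the real values, is still stored in the Terraform state.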