OCVS VM deployment using secure OCI Vault secrets for credentials
Deploying OCVS VMs using OCI Vault secrets for credentials
In this blog, I am going to deploy VMs on OCVS (Oracle Cloud VMware Solution), which is a first-class citizen on OCI. For deployment we often need to pass vCenter credentials, which are either encrypted using third-party tools or stored in plain text. Here I am going to leverage OCI Vault secrets to pass vCenter credentials during the Terraform deployment. Access to OCI_Vault_secrets is secure and only authorised users can access it.
In this blog we will learn:
1) How to create secrets in OCI Vault
2) How to leverage OCI Terraform modules to get those credentials
3) How to use the credentials for OCVS VM deployment
Let's start with the first step:
Create secrets in OCI Vault:
Log in to the OCI console (https://cloud.oracle.com).
Go to Identity & Security and select Vault. Create a vault using the steps in this link: https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/managingvaults.htm
Once the vault is ready, we need to select Secrets and create the credentials in this format:
Here I have used "/" as the separator between username and password.
Now that our secrets are ready, we need to use the OCI Terraform modules to get this password in plain text:
Here I have used the OCI_vault_secrets module to get the secret OCID.
Then I have leveraged OCI_secrets_secretbundle to get the secret content, which is base64 encoded.
Then I have decoded the credentials and saved them in separate outputs.
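The three steps above, as an added sketch that is not the original post's Terraform code: it uses the OCI provider's `oci_vault_secrets` and `oci_secrets_secretbundle` data sources, and the variable, local and output names are assumptions.

```hcl
# Added example: variable, local and output names are assumptions.
variable "compartment_id" { type = string }
variable "vault_id"       { type = string }
variable "secret_name"    { type = string } # hypothetical, e.g. "vcenter-credentials"

# Step 1: look up the secret's OCID by name inside the vault.
data "oci_vault_secrets" "vcenter" {
  compartment_id = var.compartment_id
  vault_id       = var.vault_id
  name           = var.secret_name
  state          = "ACTIVE"
}

# Step 2: fetch the current secret bundle; its content is base64 encoded.
data "oci_secrets_secretbundle" "vcenter" {
  secret_id = data.oci_vault_secrets.vcenter.secrets[0].id
}

locals {
  # Step 3: decode, then split on the first "/" only, so a password that
  # itself contains "/" is not truncated.
  raw      = chomp(base64decode(data.oci_secrets_secretbundle.vcenter.secret_bundle_content[0].content))
  parts    = split("/", local.raw)
  username = local.parts[0]
  password = join("/", slice(local.parts, 1, length(local.parts)))
}

# The decoded values are written to the Terraform state in plain text, so
# mark the outputs sensitive and keep the state in an access-controlled backend.
output "vcenter_username" {
  value     = local.username
  sensitive = true
}

output "vcenter_password" {
  value     = local.password
  sensitive = true

  # Fail the plan early if the secret is not in username/password form.
  precondition {
    condition     = length(local.parts) >= 2 && local.password != ""
    error_message = "The secret must be stored as username/password."
  }
}
```

A root module that calls this one can pass the two outputs to the `user` and `password` arguments of the vsphere provider.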
I am going to use this as a module and get all the credentials in main.tf for the VM deployment.
As the first step, I call the OCI_vault module to get all the credentials.
Then I have the vsphere provider for deploying the VMware VM from a template.
Here I have leveraged Terraform remote-exec to install Apache once the VM is available.
In this way we have deployed VMs using OCI Vault secrets.
If you wish to download all the tf files, please find the GitHub link below: