
Terraform OCI Provider Cycle error when attempting to source user_ocid and fingerprint from OCI Vault

Product / Component: Oracle Cloud Infrastructure – Terraform Provider

Version: oracle/oci >= 6.0.0 / 7.31.0

Environment: Local execution (Linux), later planned for GitHub Actions CI/CD

Region: us-ashburn-1 (iad)

Requirement / Business Goal:

We want to follow security best practices and eliminate static API key credentials (user_ocid + fingerprint) from Terraform configuration files and tfvars.

The goal is to store only the user_ocid and fingerprint in OCI Vault secrets and have the Terraform OCI provider authenticate using those Vault values, while keeping tenancy_ocid, region, and private_key_path as-is (hardcoded or from tfvars).

What we tried:

  1. Direct use in provider block:

```hcl
user_ocid   = base64decode(data.oci_secrets_secretbundle.user_ocid_bundle.secret_bundle_content[0].content)
fingerprint = base64decode(data.oci_secrets_secretbundle.fingerprint_bundle.secret_bundle_content[0].content)
```
