Develop and document better way to configure and add secrets to the Toolkit
Currently users will need to add in their secrets manually in various places and forms to allow both Ansible and Terraform to authenticate against the specific Cloud Provider. Different parts of each need this authentication to be in a certain form as well.
As such, we should explore an easier way for users to provide their config and secrets safely for both tools. This will include updating the docs to call out this process.
The current config and secrets that need to be tackled are:
- Terraform Provider - Configures Terraform to speak to specific Cloud Provider. Requires authentication and location details. Can be passed in file or as multiple environment variables. Supports variable interpolation.
- Terraform Backend - Configures Terraform to store state in remote location (key for teams). Config is dependent on specific remote backend service. Requires authentication and bucket details. No variable interpolation allowed - must be hardcoded. Can be passed as env vars though.
- Terraform Scripts - The actual scripts for setting up the environment need to be present on disk in some form. Each environment requires its own folder as a workspace. Work is underway to reduce the files users need to specify on disk but there will still need to be some.
- Ansible Inventory (dynamic or static) - Configures Ansible on where to find boxes along with how to reach and authenticate into them. Also contains variables specific to the environment. While authentication details specifically can be passed as environment variables, the inventory config itself requires files.
Edited by Grant Young