From 45c9836c3b9ae4ea6eb020fa6f16ee9c099ce012 Mon Sep 17 00:00:00 2001
From: Atif Ali
Date: Thu, 19 Jun 2025 16:05:37 +0500
Subject: [PATCH] delete`hcp-vault-secrets` module
---
.../coder/modules/hcp-vault-secrets/README.md | 80 -------------------
.../coder/modules/hcp-vault-secrets/main.tf | 73 -----------------
2 files changed, 153 deletions(-)
delete mode 100644 registry/coder/modules/hcp-vault-secrets/README.md
delete mode 100644 registry/coder/modules/hcp-vault-secrets/main.tf
diff --git a/registry/coder/modules/hcp-vault-secrets/README.md b/registry/coder/modules/hcp-vault-secrets/README.md
deleted file mode 100644
index bba62c7d..00000000
--- a/registry/coder/modules/hcp-vault-secrets/README.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-display_name: "HCP Vault Secrets"
-description: "Fetch secrets from HCP Vault"
-icon: ../../../../.icons/vault.svg
-maintainer_github: coder
-partner_github: hashicorp
-verified: true
-tags: [integration, vault, hashicorp, hvs]
----
-
-# HCP Vault Secrets
-
-This module lets you fetch all or selective secrets from a [HCP Vault Secrets](https://developer.hashicorp.com/hcp/docs/vault-secrets) app into your [Coder](https://coder.com) workspaces. It makes use of the [`hcp_vault_secrets_app`](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/data-sources/vault_secrets_app) data source from the [HCP provider](https://registry.terraform.io/providers/hashicorp/hcp/latest).
-
-```tf
-module "vault" {
- source = "registry.coder.com/coder/hcp-vault-secrets/coder"
- version = "1.0.7"
- agent_id = coder_agent.example.id
- app_name = "demo-app"
- project_id = "aaa-bbb-ccc"
-}
-```
-
-## Configuration
-
-To configure the HCP Vault Secrets module, follow these steps,
-
-1. [Create secrets in HCP Vault Secrets](https://developer.hashicorp.com/vault/tutorials/hcp-vault-secrets-get-started/hcp-vault-secrets-create-secret)
-2. Create an HCP Service Principal from the HCP Vault Secrets app in the HCP console. This will give you the `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` that you need to authenticate with HCP Vault Secrets.
- ![HCP vault secrets credentials](../../.images/hcp-vault-secrets-credentials.png)
-3. Set `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` variables on the coder provisioner (recommended) or supply them as input to the module.
-4. Set the `project_id`. This is the ID of the project where the HCP Vault Secrets app is running.
-
-> See the [HCP Vault Secrets documentation](https://developer.hashicorp.com/hcp/docs/vault-secrets) for more information.
-
-## Fetch All Secrets
-
-To fetch all secrets from the HCP Vault Secrets app, skip the `secrets` input.
-
-```tf
-module "vault" {
- source = "registry.coder.com/coder/hcp-vault-secrets/coder"
- version = "1.0.7"
- agent_id = coder_agent.example.id
- app_name = "demo-app"
- project_id = "aaa-bbb-ccc"
-}
-```
-
-## Fetch Selective Secrets
-
-To fetch selective secrets from the HCP Vault Secrets app, set the `secrets` input.
-
-```tf
-module "vault" {
- source = "registry.coder.com/coder/hcp-vault-secrets/coder"
- version = "1.0.7"
- agent_id = coder_agent.example.id
- app_name = "demo-app"
- project_id = "aaa-bbb-ccc"
- secrets = ["MY_SECRET_1", "MY_SECRET_2"]
-}
-```
-
-## Set Client ID and Client Secret as Inputs
-
-Set `client_id` and `client_secret` as module inputs.
-
-```tf
-module "vault" {
- source = "registry.coder.com/coder/hcp-vault-secrets/coder"
- version = "1.0.7"
- agent_id = coder_agent.example.id
- app_name = "demo-app"
- project_id = "aaa-bbb-ccc"
- client_id = "HCP_CLIENT_ID"
- client_secret = "HCP_CLIENT_SECRET"
-}
-```
diff --git a/registry/coder/modules/hcp-vault-secrets/main.tf b/registry/coder/modules/hcp-vault-secrets/main.tf
deleted file mode 100644
index 9a5e94be..00000000
--- a/registry/coder/modules/hcp-vault-secrets/main.tf
+++ /dev/null
@@ -1,73 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- coder = {
- source = "coder/coder"
- version = ">= 0.12.4"
- }
- hcp = {
- source = "hashicorp/hcp"
- version = ">= 0.82.0"
- }
- }
-}
-
-provider "hcp" {
- client_id = var.client_id
- client_secret = var.client_secret
- project_id = var.project_id
-}
-
-provider "coder" {}
-
-variable "agent_id" {
- type = string
- description = "The ID of a Coder agent."
-}
-
-variable "project_id" {
- type = string
- description = "The ID of the HCP project."
-}
-
-variable "client_id" {
- type = string
- description = <<-EOF
- The client ID for the HCP Vault Secrets service principal. (Optional if HCP_CLIENT_ID is set as an environment variable.)
- EOF
- default = null
- sensitive = true
-}
-
-variable "client_secret" {
- type = string
- description = <<-EOF
- The client secret for the HCP Vault Secrets service principal. (Optional if HCP_CLIENT_SECRET is set as an environment variable.)
- EOF
- default = null
- sensitive = true
-}
-
-variable "app_name" {
- type = string
- description = "The name of the secrets app in HCP Vault Secrets"
-}
-
-variable "secrets" {
- type = list(string)
- description = "The names of the secrets to retrieve from HCP Vault Secrets"
- default = null
-}
-
-data "hcp_vault_secrets_app" "secrets" {
- app_name = var.app_name
-}
-
-resource "coder_env" "hvs_secrets" {
- # https://support.hashicorp.com/hc/en-us/articles/4538432032787-Variable-has-a-sensitive-value-and-cannot-be-used-as-for-each-arguments
- for_each = var.secrets != null ? toset(var.secrets) : nonsensitive(toset(keys(data.hcp_vault_secrets_app.secrets.secrets)))
- agent_id = var.agent_id
- name = each.key
- value = data.hcp_vault_secrets_app.secrets.secrets[each.key]
-}
\ No newline at end of file