Comments (6)
👋 thanks for creating an issue!
Via confluent_api_key.secret it is possible to access the key's secret but how to access the key (name, e.g. "AB6CD2EFGHIJK1LM") itself? confluent_api_key.key as suggested in other tickets doesn't work. Please also add this to the documentation.
That's kinda similar to #30 (we'll add it to our docs in our next release!), you basically need to use .id
attribute like this:
resource "confluent_kafka_topic" "orders" {
...
credentials {
key = confluent_api_key.app-manager-kafka-api-key.id
secret = confluent_api_key.app-manager-kafka-api-key.secret
}
}
BTW: It would also be a good idea to mention in the documentation that the secret itself can be read out and stored e.g. in a key-vault if human access is required.
sure, could you expand on that a little bit?
from terraform-provider-confluent.
@neuweiler could you share more details about:
BTW: It would also be a good idea to mention in the documentation that the secret itself can be read out and stored e.g. in a key-vault if human access is required
Sure, usually it's best practice not to store the key and its secret anywhere and just use confluent_api_key to configure other resources in the cloud on-the-fly (via TF). But in our case, we also need to configure a server that can't be managed via TF and the key/secret need to be configured by hand by an admin. In order to give the admin access to this information, we use this fragment to store it in a Azure KeyVault where only admin get access to (via Azure Portal) :
resource "azurerm_key_vault_secret" "connect-xyz-consumer-key" {
key_vault_id = data.azurerm_key_vault.vault.id
name = "connect-xyz-consumer-key"
value = confluent_api_key.xyz-consumer-key.id
}
resource "azurerm_key_vault_secret" "connect-xyz-consumer-secret" {
key_vault_id = data.azurerm_key_vault.vault.id
name = "connect-xyz-consumer-secret"
value = confluent_api_key.xyz-consumer-key.secret
}
from terraform-provider-confluent.
Added id
to the list of exported attributes of confluent_api_key
resource:
in the latest 0.8.1
release.
@neuweiler could you share more details about:
BTW: It would also be a good idea to mention in the documentation that the secret itself can be read out and stored e.g. in a key-vault if human access is required
from terraform-provider-confluent.
@linouk23 something I have noticed - on a lot of your docs is that you are putting (required String) or (optional) on attributes referenced. from the terraform docs naming convention you don't put that on the description of any listed in the reference section as they are all references
from terraform-provider-confluent.
@Marcus-James-Adams that sounds interesting, could you expand on that? I didn't quite understand it:
from the terraform docs naming convention you don't put that on the description of any listed in the reference section as they are all references
Update: I see now, I wonder whether this additional data is still helpful or you'd rather see just their types though (without required / optional).
from terraform-provider-confluent.
@neuweiler we're happy to let you know we've just released 0.9.0
version of TF Provider that fixes this issue in our docs.
from terraform-provider-confluent.
Related Issues (20)
- Is it possible to get Kafka `credentials` from `confluent_kafka_cluster`? HOT 1
- Stale resource due to terraform provider upgrade HOT 4
- Schema diff can match against an earlier version of the schema
- RBAC support for "DataDiscovery" in Terraform HOT 2
- Is it possible to set a topic schema within `confluent_kafka_topic`? HOT 1
- Incompatible schemas, and Client.Timeout while contacting schema registry corrupt tfstate file during apply HOT 2
- Creating and managing user groups HOT 2
- Feature request - support default values for topic config items after expert mode edit
- Upon mirror topic creation, have the option to not store credentials in the Terraform state file.
- Add support for new topic configuration fields - message.timestamp.after.max.ms and message.timestamp.before.max.ms HOT 6
- Schema not found when importing a schema in a 20000+ schemas in Schema Registry HOT 3
- Request: allow export of API keys with confluent_tf_importer HOT 1
- Support importing network,schema registry,tgw attachment resources using Resource Importer
- confluent_tag_binding resource should support entity_name updates for sr_record and sr_field HOT 1
- custom connector deployment and generic API error
- Alias argument for confluent_subject_config resource HOT 7
- confluent_kafka_topic attributes aren't exported, but doc says they are HOT 2
- Support showing that schema_identifier is going to be updated for confluent_schema resource during plan HOT 2
- `rest_endpoint` is not (correctly) imported when importing a migrated `confluent_mirror_topic` into a `confluent_topic` HOT 11
- GCS connector resource HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-confluent.