confluent_api_key : how to retrieve the key itself about terraform-provider-confluent HOT 6 CLOSED

👋 thanks for creating an issue!

Via confluent_api_key.secret it is possible to access the key's secret but how to access the key (name, e.g. "AB6CD2EFGHIJK1LM") itself? confluent_api_key.key as suggested in other tickets doesn't work. Please also add this to the documentation.

That's kinda similar to #30 (we'll add it to our docs in our next release!), you basically need to use .id attribute like this:

resource "confluent_kafka_topic" "orders" {
...
  credentials {
    key    = confluent_api_key.app-manager-kafka-api-key.id
    secret = confluent_api_key.app-manager-kafka-api-key.secret
  }
}

BTW: It would also be a good idea to mention in the documentation that the secret itself can be read out and stored e.g. in a key-vault if human access is required.

sure, could you expand on that a little bit?

from terraform-provider-confluent.

@neuweiler could you share more details about:

BTW: It would also be a good idea to mention in the documentation that the secret itself can be read out and stored e.g. in a key-vault if human access is required

Sure, usually it's best practice not to store the key and its secret anywhere and just use confluent_api_key to configure other resources in the cloud on-the-fly (via TF). But in our case, we also need to configure a server that can't be managed via TF and the key/secret need to be configured by hand by an admin. In order to give the admin access to this information, we use this fragment to store it in a Azure KeyVault where only admin get access to (via Azure Portal) :

resource "azurerm_key_vault_secret" "connect-xyz-consumer-key" {
key_vault_id = data.azurerm_key_vault.vault.id
name = "connect-xyz-consumer-key"
value = confluent_api_key.xyz-consumer-key.id
}

resource "azurerm_key_vault_secret" "connect-xyz-consumer-secret" {
key_vault_id = data.azurerm_key_vault.vault.id
name = "connect-xyz-consumer-secret"
value = confluent_api_key.xyz-consumer-key.secret
}

from terraform-provider-confluent.

Added id to the list of exported attributes of confluent_api_key resource:

in the latest 0.8.1 release.

@neuweiler could you share more details about:

BTW: It would also be a good idea to mention in the documentation that the secret itself can be read out and stored e.g. in a key-vault if human access is required

from terraform-provider-confluent.

@linouk23 something I have noticed - on a lot of your docs is that you are putting (required String) or (optional) on attributes referenced. from the terraform docs naming convention you don't put that on the description of any listed in the reference section as they are all references

from terraform-provider-confluent.

@Marcus-James-Adams that sounds interesting, could you expand on that? I didn't quite understand it:

from the terraform docs naming convention you don't put that on the description of any listed in the reference section as they are all references

Update: I see now, I wonder whether this additional data is still helpful or you'd rather see just their types though (without required / optional).

from terraform-provider-confluent.

@neuweiler we're happy to let you know we've just released 0.9.0 version of TF Provider that fixes this issue in our docs.

from terraform-provider-confluent.