Azure: Create a temporary password for Terraform Cloud

Posted By : Anshuman Abhishek | 26-Nov-2020

In AWS and GCP there are options to create temporary credentials/passwords that can be used in Terraform Cloud. In Azure, this temporary credentials/keys feature is not available.

 

But we can create a temporary Service Principal or Managed Service Identity using a bash script. Let's see how.

 


 

  1. Install Terraform

 

Run the commands below to install Terraform:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

sudo apt-get update && sudo apt-get install terraform

 

  1. Install Azure CLI

 

curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

 

Then log in to your Azure account using 

az login


 

  1. Create a Bash Script

         

#!/usr/bin/env bash
# Requires: az, jq, GNU date

# Load the config file (USER, PASSWORD, ARM_SUBSCRIPTION_ID, EXPIRYTIME)
. variables

# Check that all variables are set and non-empty
if [ -z "$USER" ] || [ -z "$PASSWORD" ] || [ -z "$ARM_SUBSCRIPTION_ID" ] || [ -z "$EXPIRYTIME" ]; then
  echo "Set All Values in Config file: EXITING"
  # return when the script is sourced, exit when it is run with bash
  return 1 2>/dev/null || exit 1
fi

# Log in to the main account
# (-p puts the password on the command line, where it shows up in the process list)
az login -u "$USER" -p "$PASSWORD"

# This will create the service principal
values=$(az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$ARM_SUBSCRIPTION_ID")

# Parse the JSON values; jq -r prints raw strings, so there are no double quotes
# to remove and the secret is never passed through eval
ARM_CLIENT_ID=$(echo "$values" | jq -r '.appId')
ARM_CLIENT_SECRET=$(echo "$values" | jq -r '.password')
ARM_TENANT_ID=$(echo "$values" | jq -r '.tenant')

# Set the expiry time: EXPIRYTIME minutes from now, in UTC to match the +00:00 offset
expiry=$(date -u -d "+${EXPIRYTIME} minutes" +"%Y-%m-%dT%H:%M:%S+00:00")
echo "$expiry"

# Set the expiry on the credential
az ad app credential reset --id "$ARM_CLIENT_ID" --password "$ARM_CLIENT_SECRET" --end-date "$expiry"

# To check the expiry date and time, uncomment the line below
#az ad app credential list --id "$ARM_CLIENT_ID"

# Export the environment variables
export ARM_CLIENT_ID
export ARM_CLIENT_SECRET
export ARM_SUBSCRIPTION_ID
export ARM_TENANT_ID



 

 

  1. Set variables

# File: variables (loaded by the script with ". variables")
USER=""
PASSWORD=""
ARM_SUBSCRIPTION_ID=""
# Time in minutes
EXPIRYTIME=30

  1. Run Script

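bash scriptname.sh

# It will generate the required keys. The exported ARM_* variables exist only in the shell that runs the script; use "source scriptname.sh" instead to keep them in your current shell.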
 

  1. Check credentials

We can verify the credentials using the commands below:

 

az login --service-principal -u CLIENT_ID -p CLIENT_SECRET --tenant TENANT_ID
az vm list-sizes --location westus
az account list-locations
az logout
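
The expiry step is what makes this credential temporary, so it is worth computing and checking it without eval. The following is an added example, not code from the original post: the function names and the MAX_MINUTES cap are assumptions, the sample base time is constructed, and it relies on GNU date.

```shell
#!/usr/bin/env bash
# Added example: expiry handling for the temporary credential, without eval.
# valid_minutes, expiry_timestamp, expires_within and MAX_MINUTES are
# hypothetical names chosen for this sketch. Requires GNU date.

MAX_MINUTES=120   # assumed upper bound for a "temporary" credential

# Accept only a plain positive integer (no sign, spaces or leading zero) that
# does not exceed MAX_MINUTES, so EXPIRYTIME is never read as anything else.
valid_minutes() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 6 ] && [ "$1" -le "$MAX_MINUTES" ]
}

# Print the --end-date value in UTC.
# $1 = minutes, $2 = base time in epoch seconds (defaults to now).
expiry_timestamp() {
  local minutes base
  minutes=$1
  base=${2:-$(date -u +%s)}
  if ! valid_minutes "$minutes"; then
    echo "invalid EXPIRYTIME: $minutes" >&2
    return 1
  fi
  date -u -d "@$(( base + minutes * 60 ))" +"%Y-%m-%dT%H:%M:%S+00:00"
}

# Succeed only if end date $1 (as shown by "az ad app credential list") lies
# in the future and at most $2 minutes after $3 (epoch seconds, default now).
expires_within() {
  local end_epoch now
  now=${3:-$(date -u +%s)}
  end_epoch=$(date -u -d "$1" +%s 2>/dev/null) || return 1
  [ "$end_epoch" -gt "$now" ] && [ $(( end_epoch - now )) -le $(( $2 * 60 )) ]
}

# Constructed sample run with a fixed base time (2020-11-26T00:00:00Z)
sample=$(expiry_timestamp 30 1606348800)
echo "end date: $sample"
expires_within "$sample" 30 1606348800 && echo "expires within 30 minutes"
```

Passing the end date printed by the commented-out `az ad app credential list` line to `expires_within` confirms that the reset actually shortened the credential's lifetime.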

 


 

About Author

Anshuman Abhishek

He has experience in Linux, Kubernetes, and different open source applications. He has also worked on different clouds like IBM and AWS.
