Deploy to Azure with Terraform and a Key Vault secret


Setup.sh

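# Read a secret from Azure Key Vault.
#
# --output tsv makes az print the bare value instead of a JSON-quoted string,
# so no jq step is needed. Piping an assignment into jq would run it in a
# pipeline subshell and leave $secret unchanged.
if ! secret="$(az keyvault secret show \
  --vault-name upidev \
  --name docker-container-pass \
  --query value \
  --output tsv)"; then
  echo "Could not read docker-container-pass from Key Vault upidev" >&2
  exit 1
fi

# Do not echo the secret: terminal scrollback and CI job logs keep whatever is
# written to stdout. Confirm only that a value was retrieved.
if [ -z "$secret" ]; then
  echo "Key Vault returned an empty value for docker-container-pass" >&2
  exit 1
fi
echo "Secret docker-container-pass loaded"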

Terraform main.tf

# Configure the AzureRM provider.
provider "azurerm" {
  # Taken from the subscription_id input variable rather than hard-coded here.
  subscription_id = var.subscription_id
  # The azurerm provider requires a features block, even when it is empty.
  features {}
}

# Resource group
# Declares the resource group "example-rg-up" in the West Europe location.
resource "azurerm_resource_group" "example" {
  name     = "example-rg-up"
  location = "West Europe"
}

variables.tf

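# Input variable consumed by the azurerm provider block.
variable "subscription_id" {
  type        = string
  description = "ID of the Azure subscription the azurerm provider deploys into."
  # sensitive = true redacts the value in the output of plan and apply.
  # It only affects what Terraform prints; it does not encrypt the value,
  # which can still end up in state or saved plan files wherever it is used.
  sensitive = true
}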

Command to run

# Supply the subscription id on the command line; the quotes keep the
# name=value pair a single argument. Terraform also reads this variable from
# the TF_VAR_subscription_id environment variable, which keeps the value out
# of shell history.
terraform plan -var 'subscription_id=36d1be19-9bea-4c73-900c-f92cd5ec2d17'

We add the command that retrieves the subscription ID to the bash script:

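# Get the subscription id of the account az is currently using.
# --output tsv prints the bare GUID, so the JSON quotes never need stripping
# and no echo | jq round trip is required.
if ! subscription_id="$(az account show --query id --output tsv)"; then
  echo "Could not read the subscription id; is az logged in?" >&2
  exit 1
fi

# Quote the expansion so the name=value pair stays a single argument.
terraform plan -var "subscription_id=${subscription_id}"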