264 lines
6.2 KiB
Markdown
264 lines
6.2 KiB
Markdown
# Environment Variables Reference
|
|
|
|
This document provides a complete reference for all environment variables supported by the Edge Connect Terraform provider.
|
|
|
|
## Supported Environment Variables
|
|
|
|
| Variable | Type | Required | Description |
|
|
|----------|------|----------|-------------|
|
|
| `EDGE_CONNECT_ENDPOINT` | string | Yes | The Edge Connect API endpoint URL |
|
|
| `EDGE_CONNECT_TOKEN` | string | Conditional* | API token for authentication |
|
|
| `EDGE_CONNECT_USERNAME` | string | Conditional* | Username for authentication |
|
|
| `EDGE_CONNECT_PASSWORD` | string | Conditional* | Password for authentication |
|
|
|
|
\* Either `EDGE_CONNECT_TOKEN` OR both `EDGE_CONNECT_USERNAME` and `EDGE_CONNECT_PASSWORD` must be provided.
|
|
|
|
## Quick Start
|
|
|
|
### Token Authentication
|
|
|
|
```bash
|
|
export EDGE_CONNECT_ENDPOINT="https://api.edge-connect.example.com"
|
|
export EDGE_CONNECT_TOKEN="your-api-token-here"
|
|
|
|
terraform init
|
|
terraform plan
|
|
terraform apply
|
|
```
|
|
|
|
### Username/Password Authentication
|
|
|
|
```bash
|
|
export EDGE_CONNECT_ENDPOINT="https://api.edge-connect.example.com"
|
|
export EDGE_CONNECT_USERNAME="your-username"
|
|
export EDGE_CONNECT_PASSWORD="your-password"
|
|
|
|
terraform init
|
|
terraform plan
|
|
terraform apply
|
|
```
|
|
|
|
## Configuration Precedence
|
|
|
|
The provider reads configuration in the following order (highest to lowest precedence):
|
|
|
|
1. **Explicit Configuration** - Values set directly in the provider block
|
|
2. **Environment Variables** - Values from environment variables
|
|
3. **Default Values** - Provider defaults (if any)
|
|
|
|
### Example: Precedence in Action
|
|
|
|
```hcl
|
|
provider "edge-connect" {
|
|
endpoint = "https://api.example.com" # This value is used
|
|
# token will be read from EDGE_CONNECT_TOKEN environment variable
|
|
}
|
|
```
|
|
|
|
If `EDGE_CONNECT_TOKEN` is set in the environment, it will be used for the token even though it's not specified in the configuration.
|
|
|
|
## Usage Patterns
|
|
|
|
### 1. Pure Environment Variable Configuration
|
|
|
|
No explicit configuration needed in Terraform files:
|
|
|
|
```hcl
|
|
provider "edge-connect" {}
|
|
```
|
|
|
|
All configuration comes from environment variables.
|
|
|
|
### 2. Mixed Configuration
|
|
|
|
Some values explicit, others from environment:
|
|
|
|
```hcl
|
|
provider "edge-connect" {
|
|
endpoint = "https://api.edge-connect.example.com"
|
|
# token, username, and password from environment variables
|
|
}
|
|
```
|
|
|
|
### 3. Override Environment Variables
|
|
|
|
Explicit configuration overrides environment variables:
|
|
|
|
```hcl
|
|
provider "edge-connect" {
|
|
endpoint = "https://api.edge-connect.example.com"
|
|
token = var.edge_connect_token # Overrides EDGE_CONNECT_TOKEN
|
|
}
|
|
```
|
|
|
|
## Shell Integration
|
|
|
|
### Bash/Zsh Profile
|
|
|
|
Add to `~/.bashrc` or `~/.zshrc`:
|
|
|
|
```bash
|
|
# Edge Connect API Configuration
|
|
export EDGE_CONNECT_ENDPOINT="https://api.edge-connect.example.com"
|
|
export EDGE_CONNECT_TOKEN="your-token"
|
|
```
|
|
|
|
### direnv (Recommended)
|
|
|
|
Create a `.envrc` file in your project directory:
|
|
|
|
```bash
|
|
# .envrc
|
|
export EDGE_CONNECT_ENDPOINT="https://api.edge-connect.example.com"
|
|
export EDGE_CONNECT_TOKEN="your-token"
|
|
```
|
|
|
|
Enable direnv:
|
|
```bash
|
|
direnv allow
|
|
```
|
|
|
|
Now environment variables are automatically loaded when you enter the directory.
|
|
|
|
### CI/CD Systems
|
|
|
|
#### GitHub Actions
|
|
|
|
```yaml
|
|
- name: Terraform Apply
|
|
env:
|
|
EDGE_CONNECT_ENDPOINT: ${{ secrets.EDGE_CONNECT_ENDPOINT }}
|
|
EDGE_CONNECT_TOKEN: ${{ secrets.EDGE_CONNECT_TOKEN }}
|
|
run: |
|
|
terraform init
|
|
terraform apply -auto-approve
|
|
```
|
|
|
|
#### GitLab CI
|
|
|
|
```yaml
|
|
terraform:
|
|
script:
|
|
- terraform init
|
|
- terraform apply -auto-approve
|
|
variables:
|
|
EDGE_CONNECT_ENDPOINT: $EDGE_CONNECT_ENDPOINT
|
|
EDGE_CONNECT_TOKEN: $EDGE_CONNECT_TOKEN
|
|
```
|
|
|
|
#### Jenkins
|
|
|
|
```groovy
|
|
withEnv([
|
|
"EDGE_CONNECT_ENDPOINT=https://api.edge-connect.example.com",
|
|
"EDGE_CONNECT_TOKEN=${env.EDGE_CONNECT_TOKEN}"
|
|
]) {
|
|
sh 'terraform init'
|
|
sh 'terraform apply -auto-approve'
|
|
}
|
|
```
|
|
|
|
## Secret Management Integration
|
|
|
|
### AWS Secrets Manager
|
|
|
|
```bash
|
|
export EDGE_CONNECT_TOKEN=$(aws secretsmanager get-secret-value \
|
|
--secret-id edge-connect/token \
|
|
--query SecretString \
|
|
--output text)
|
|
```
|
|
|
|
### HashiCorp Vault
|
|
|
|
```bash
|
|
export EDGE_CONNECT_TOKEN=$(vault kv get -field=token secret/edge-connect)
|
|
```
|
|
|
|
### Azure Key Vault
|
|
|
|
```bash
|
|
export EDGE_CONNECT_TOKEN=$(az keyvault secret show \
|
|
--name edge-connect-token \
|
|
--vault-name my-vault \
|
|
--query value -o tsv)
|
|
```
|
|
|
|
### Google Secret Manager
|
|
|
|
```bash
|
|
export EDGE_CONNECT_TOKEN=$(gcloud secrets versions access latest \
|
|
--secret="edge-connect-token")
|
|
```
|
|
|
|
## Security Best Practices
|
|
|
|
1. **Never commit credentials to version control**
|
|
- Use `.gitignore` for files containing secrets
|
|
- Use environment variables or secret management systems
|
|
|
|
2. **Use appropriate permissions**
|
|
- Restrict access to environment files
|
|
- Use IAM roles and policies in cloud environments
|
|
|
|
3. **Rotate credentials regularly**
|
|
- Update environment variables when rotating tokens
|
|
- Use automated rotation with secret management systems
|
|
|
|
4. **Use token authentication in production**
|
|
- More secure than username/password
|
|
- Easier to rotate and scope
|
|
|
|
5. **Audit credential usage**
|
|
- Log when credentials are accessed
|
|
- Monitor for unauthorized usage
|
|
|
|
## Troubleshooting
|
|
|
|
### Check if environment variables are set:
|
|
|
|
```bash
|
|
env | grep EDGE_CONNECT
|
|
```
|
|
|
|
### Verify values (mask sensitive data):
|
|
|
|
```bash
|
|
echo "Endpoint: $EDGE_CONNECT_ENDPOINT"
|
|
echo "Token: ${EDGE_CONNECT_TOKEN:0:5}..." # Show only first 5 chars
|
|
```
|
|
|
|
### Clear environment variables:
|
|
|
|
```bash
|
|
unset EDGE_CONNECT_ENDPOINT
|
|
unset EDGE_CONNECT_TOKEN
|
|
unset EDGE_CONNECT_USERNAME
|
|
unset EDGE_CONNECT_PASSWORD
|
|
```
|
|
|
|
### Common Issues
|
|
|
|
**Problem:** Provider can't find credentials
|
|
|
|
**Solution:** Verify environment variables are set in the current shell:
|
|
```bash
|
|
env | grep EDGE_CONNECT
|
|
```
|
|
|
|
**Problem:** Wrong credentials being used
|
|
|
|
**Solution:** Check for explicit configuration overriding environment variables, or verify the correct environment variables are set.
|
|
|
|
## Examples
|
|
|
|
See the [authentication/](authentication/) directory for complete examples:
|
|
|
|
- `env-vars.tf` - Pure environment variable configuration
|
|
- `env-vars-token.sh` - Shell script for token authentication
|
|
- `env-vars-userpass.sh` - Shell script for username/password authentication
|
|
|
|
## Additional Resources
|
|
|
|
- [Authentication Examples](authentication/README.md) - Detailed authentication documentation
|
|
- [Provider Configuration](README.md) - Main examples README
|