Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the option to store and use secrets in fivetran terraform via external secret manager #343

Open
JordyHeusdensDT opened this issue Aug 7, 2024 · 0 comments
Assignees
Labels
enhancement New feature or request

Comments

@JordyHeusdensDT
Copy link

JordyHeusdensDT commented Aug 7, 2024

Is your feature request related to a problem? Please describe.
There is currently no way to properly use and store a secret securly while using the fivetran terraform provider. You have the next options currently as far as I know:

  • Store secret in code. This is obviously bad as the code will be stored in git/code as plain text.
  • Store secret as environment variable. This is already better than the previous option, but the secret is then still stored as plain text in the state. Which means everyone that has access to the state can see the secret.

Describe the solution you'd like
It would be interesting that Fivetran creates a new resource. This resource would be based (as inspiration) on GCP Secret Manager and AWS Secret Manager. E.g.

resource "fivetran_secret" "secret" {
  id = "fivetran_secret"
}

resource "fivetran_connector" "connector" {
  group_id = XXX
  service    = "oracle_hva"
  ....
  
  config {
     user = "test_user"
     ....
     password = fivetran_secret.secret.id
  }
}

The resource fivetran_secret would then make it possible to store a secret in Fivetran SAAS. The user can then manually fill in the secret via the fivetran UI, which makes sure it is securly stored (like now with the connector via the UI). Only e.g. admins would then have access to the secret. fivetran_connector would then store the fivetran_secret.secret.id in state and would fetch at run time the secret so that it is still stored securly.

Describe the use-cases if possible
Savely store secrets by using the fivetran provider.

@JordyHeusdensDT JordyHeusdensDT added the enhancement New feature or request label Aug 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants