terraform-credentials-gcs

Terrafrom credentials helper for Google Cloud Storage

terraform-credentials-gcs is a Terraform "credentials helper" plugin that allows providing credentials for Terraform-native services (private module registries, Terraform Cloud, etc) publish in private Google Cloud Storage bucket.

To use it, download a release archive and extract it into the ~/.terraform.d/plugins directory where Terraform looks for credentials helper plugins. (The filename of the file inside the archive is important for Terraform to discover it correctly, so don't rename it).

Terraform will take the newest version of the plugin it finds in the plugin search directory, so if you are switching between versions you may prefer to remove existing installed versions in order to ensure Terraform selects the desired version.

Once you've installed the plugin, enable it by adding the following block to your Terraform CLI configuration: credentials_helper "gcs" {}.

This credentials helper plugin does not take any additional arguments, so the block must be left empty as shown above.

To enable authentication on Google Cloud Storage, use at least:

• Use gcloud with gcloud auth login --update-adc --no-launch-browser
• export GOOGLE_APPLICATION_CREDENTIALS=/path/to/your/service/account/file.json: file path
• export GOOGLE_CREDENTIALS=$(cat /path/to/your/service/account/file.json | tr -d "\n"): file content

This will provided authentication to golang.org/x/oauth2/google wich understand these methods. See https://cloud.google.com/docs/authentication/production.

This helper will store credentials for registries in $HOME/.config/terraform-credentials-gcs.