For a build using Terraform to deploy some infrastructure, I have a bunch of secrets, such as SSH keys. By default Terraform allows you to pass in these values via environment variables, such as TF_VAR_ssh_private_key. Perfect for Drone I thought.
Following http://docs.drone.io/manage-secrets/#alternate-names I defined a build step like this
pipeline:
terraform_plan_k8s:
image: hashicorp/terraform:light
secrets:
- source: aws_access_key_id
target: AWS_ACCESS_KEY_ID
- source: aws_secret_access_key
target: AWS_SECRET_ACCESS_KEY
- source: ssh_public_key
target: TF_VAR_ssh_public_key
- source: ssh_private_key
target: TF_VAR_ssh_private_key
commands:
- terraform init
- terraform get -update
- terraform plan -out env-k8s-${DRONE_COMMIT_SHA}.plan
It was my impression that alternate names for secrets would allow you to peruse naming schemes diverging from the usual transformation to uppercase names.
Executing the step, and adding in an env call to the commands reveals the transformation produces TF_VAR_SSH_PRIVATE_KEY instead of expected TF_VAR_ssh_private_key.
Is this intended behaviour?