Introduction
This article demonstrates how to authenticate with Artifactory to download Terraform modules from a remote Terraform repository without embedding credentials directly in the credentials.tfrc.json file. Instead, we will use environment variables for authentication, offering a more secure method to access the Terraform repository.
1. Create a Terraform Remote Repository in Artifactory. In this example, I have created a repository named demo-terraform-repository.
2. Next, follow the "Set Me Up" instructions provided in the repository to configure the content in the terraform.rc and .tf files.
3. Below, I’m sharing the configurations of the terraform.rc file and the main .tf file used in my environment.
Terrformrc file:
provider_installation {
direct {
exclude = ["registry.terraform.io/*/*"]
}
network_mirror {
url = "https://artifactory.jfrog.io/artifactory/api/terraform/demo-terraform-repository/providers/"
}
}
Main.tf file:
module "kms" {
source = "artifactory.jfrog.io/demo-terraform-repository__terraform-module/kms/aws"
}
4. Afterward, export the access token as mentioned below.
export TF_TOKEN_artifactory_jfrog_io=<ACCESS_TOKEN>
5. Once the access token is set, run terraform init to initialize the configuration, which will download the required module from Artifactory. I’ve included a screenshot from my environment below.
terraform init
From Artifactory UI:
By following these steps, you can securely authenticate with Artifactory to download Terraform modules without directly embedding credentials in the configuration files. Using environment variables for authentication enhances the security of your Terraform setup.