How to Use Private Terraform Module Repos on Azure DevOps
Вставка
- Опубліковано 10 лют 2025
- EPISODE 34 -
In this episode, we'll setup an Azure DevOps repository as a private module library that we can use to host our modules that will be shared across multiple projects.
=== AUDIO WARNING ===
Early on, when I first started creating content I would sometimes forget to convert my microphone audio feed from mono to stereo. This produces an effect where only one speaker produces audio. Sorry about that!
Follow me on Twitter for quick code snippets and thoughts on Cloud, Automation and other things!
/ marktinderholt
Keep the knowledge flowing!
www.buymeacoff...
Source Code:
github.com/mar...
Other Providers
TLS (registry.terra...)
Local (registry.terra...)
Terraform Resource List:
tls_private_key (registry.terra...)
local_file (registry.terra...)
Azure Resource Naming Conventions
learn.microsof...
Thank you so much dude for this video. I was stuck banging my head on this one and this was a great help.
Your welcome!
What's the procedure when I want to access the module repository from a project within the same az DevOps organization?
Subscribed... As soon as I saw the "Terraformer" then I saw your "rando" directory, I couldn't stop lmfao! I call myself a PowerSheller and I use randotron for my testing directory, from Rick and Morty, for my setup :D
Seems we are birds of the same feather 😊🙌
Can't we add the terraform-module repo as submodule to the main repo ? Atleast we are doing in our project. Although we are using bicep as Iac
What about using a PAT instead of a SSH ? What would be the steps in that case?
The problem with Pat is it’s embedded in the url!!! Mucho bad!!! 😭
Thank you for this. I have a question when am trying to download a module from the source path it downloads all the modules instead of just specific one which am referring. I have created 1 folder for each resource/module like AppService, App service plan etc. Any reason why? I have given the path like you mentioned. So for example if I mention the source URL//AppService it also download AppServicePlan as well in the .terraform folder. I am testing it in local.
That is the expected behavior when you reference a module. All modules in that module repository will be loaded even if they are not used in your solution. It is common for module repos to have modules within the repository draw local references on other modules. So they pull them all in.
Thanks for showing us the best approach and working fine from az DevOps. But what if I have to do it from my local visual studio code. It is asking for the ssh key always. What should I do to read the module repository in this case ?
Is your default ssh key setup in AzDO?
Thank you for this! How does versioning work with this? Especially when there are multiple modules in a single repo?
You should use tags to create a version history. When you reference a specific version Terraform init will load the entire repo (not just the module referenced). This is a good thing as there can be relative dependencies.
Is there any other option other than ssh key to source a terraform module into another azure repo
You can also use a PAT token but that requires embedding the PAT token in the url. When the URL is on the module source that means it's gonna be in our source code! A big no-no!
Cant thank you enough!! I was stuck at the part "cant download repo access denied" and I tried everything till I watched your video and learnt how to install ssh key
Glad I could help
Great video! Is that a way to do the same thing with the module sources but using https instead of ssh?
Probably but the problem with https and even the AzDO PAT token approach is that the credentials are usually embedded in the url…which in terraform means it’s in the url of the module…which you do not want…so I’d recommend sticking with SSH
This is a great video and I couldn't see how it could be fully automated securely unless you use a pki standalone server but you have pointed out 2 major things I agree with..SSH on the repos and not ssh for each terraform module as over kill and can be unmanageable.
There is a potential for deep thotz on security here. But it seems most people use locally generated ssh keys to access source control in lieu of PKI infrastructure and it seems “good enough”. The one thing I mentioned that would be good to lock it down is to create a dedicated identity that the ssh key could be associated with that is basically only gonna have read access to repos. This would avoid pipelines impersonating individual users and apply principle of least privilege.
@@azure-terraformer I totally agree... everything Azure and Azure Dev Ops and Actions should always be least privilege keep.. keep up the good vids !!! 😊
Excellent and Thanks ❤
Most welcome 😊
Your audio is terrible. Iam surprised you made a lot of videos, every video is having issues with audio. Iam only able to listen in left speaker. Right speaker is giving some noise
Sorry about that! Early on, I often forgot to convert the single channel audio into stereo (it is a very hidden feature of Camtasia Studio). Thank you for bringing this to my attention!
@@azure-terraformer your videos got good content. Please find if there is a way to fix this audio issue without deleting them
@sacredindia88 thanks for the kind words. Unfortunately youtube doesn't allow changing an existing video's content. I would have to re-encode and re-upload as a new video.