We're excited to announce the release of the official Phase Terraform Provider. This integration allows you to securely retrieve secrets stored in Phase directly within your Terraform configurations, enabling seamless incorporation of secret management into your infrastructure-as-code workflows.
Installation
Add the following Terraform block to your configuration:
terraform {
required_providers {
phase = {
source = "phasehq/phase"
version = "0.1.1"
}
}
}
Configuration
Configure the provider using environment variables for sensitive information:
provider "phase" {
phase_token = "pss_service:v1:..." # or use PHASE_TOKEN env var
}
For self-hosted instances, specify the API host:
provider "phase" {
host = "https://phase.example.io"
phase_token = "pss_service:v1:..."
}
Fetching Secrets
Use the phase_secrets data source to retrieve secrets:
data "phase_secrets" "all" {
env = "development"
app_id = "your-app-id"
path = ""
}
output "database_url" {
value = data.phase_secrets.all.secrets["DATABASE_URL"]
sensitive = true
}
Personal Secret Overrides
To access personal secret overrides, use a Personal Access Token (PAT) instead of a service token. The provider will automatically use overridden values when present.
Usage Example
Here's how you might use fetched secrets in your Terraform resources:
resource "some_resource" "example" {
database_url = data.phase_secrets.all.secrets["DATABASE_URL"]
api_key = data.phase_secrets.all.secrets["API_KEY"]
}
The Phase Terraform Provider is now available on the Terraform Registry. For detailed documentation and the latest updates, check out our Docs & GitHub repository. As always, we welcome your feedback and contributions!