Let’s learn how to generate a random password using Terraform.
If you have already tried to deploy one AWS RDS, AWS Secret Manager, AWS MSK, or anything that requires authentication, you need to manually define passwords on your Terraform. However, you can use the approach below with any cloud provider, like Azure or Google Cloud.
The Terraform provides us with different features that allow us to generate random strings, and this is great because we don’t need to rely on another script, or language to generate a password for us.
Terraform Random Password
The Terraform provides us with two different resources that enable us to generate random strings: random_string and random_string.
What is the difference between random_string and random_password?
Both have the same arguments (schema) and do the same function: generate a random string. However, the random_password does not show the output in the console.
So, let’s see how to create a random password using random_password:
In the example below, we create a random password, and later, we store that password in the Secret Manager.
resource "random_password" "secret" {
length = 16
special = true
override_special = "!#$%&*()-_=+[]{}:?"
}
resource "aws_secretsmanager_secret_version" "app-secret-version-bitslovers" {
secret_id = aws_secretsmanager_secret.app-secret-version-bitslovers.id
secret_string = jsonencode({ username = var.user_admin, password = random_password.secret.result })
}
Look at override_special. We can define our own list of special characters to utilize to create the string, when we define a value for that, we are overriding the default character list in the special argument. The special argument must explicitly be set to true to use our list.
Also, use the result property to retrieve the value generated. If you perform the “terraform plan“, the output for that value will be removed and should see the string “(sensitive value)” instead of the original value.
If we decide to create a random string that represents our user? How do we generate a string that is readable for us humans? Short answer random_pet
Generating Random Names
Let’s imagine the scenario above, that we need to create one Secret using the AWS Secret Manager and we need besides the password we need to provide a random username. Let’s how we can do it using random_pet.
What is random_pet?
Creates random pet names that are planned to be utilized as distinctive identifiers for different resources. (You can use it to find a good name for your dog too…)
Terraform Random Pet Example
resource "random_pet" "username" {}
Yeap, you aren’t crazy. There is no required argument. So, to use it in our Secret:
resource "aws_secretsmanager_secret_version" "app-secret-version-bitslovers" {
secret_id = aws_secretsmanager_secret.app-secret-version-bitslovers.id
secret_string = jsonencode({ username = random_pet.username, password = random_password.secret.result })
}
Terraform Random Number
Right now, if you are looking for a solution that generates a random number, you can use the random_number. But it’s not recommended if you plan to use it for a password. First, it will generate a weak password, and second, the password will be printed in the console log—not a good deal.
# The following example shows how to generate a random priority between 1 and 99999:
resource "random_integer" "priority" {
min = 1
max = 99999
}