Skip to main content

Command Palette

Search for a command to run...

How to Create Random Passwords Using Terraform

Updated
2 min read
How to Create Random Passwords Using Terraform
R

I'm technologist in love with almost all things tech from my daily job in the Cloud to my Master's in Cybersecurity and the journey all along.

When creating VMs, it's common to use a username and password to connect to them. While using SSH keys is definitely better for Linux machines, the other day I needed to set a password for an Ubuntu VM

I checked out the Terraform function for creating random strings:

random_password (Resource)

Then I wrote the code below which later re-use in the VM creation module

variable "length" {
  description = "The length input from the user"
  type        = number
  default     = 18
}
resource "random_password" "password" {
  length           = var.length
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"

   keepers = {
    # this will recreate the password if the timestamp changes: meaning every running will generate a new password
    timestamp = "${timestamp()}"
  }
}

output "espassword" {
  value     = random_password.password.result
  sensitive = true
}

/*  Create a random password with the following requirements:
  - Length: 18 default value
  to change the length, use the following command
  export TF_VAR_length=20 in the shell changing the lenght will regenerate the password

   Can also be done using the following command: terraform apply -var 'length=20' -auto-approve
  - Special characters: !#$%&*()-_=+[]{}<>:?
  - Output the password as a sensitive output
  to show the password in the Terraform output
  terraform output espassword
  to regenerate the password
    terraform taint random_password.password
    terraform apply
    terraform output espassword
*/

To execute this code:

  1. terraform init

  2. terraform plan (optional)

  3. terraform apply

  4. terraform output espassword. This will show the password string in the console

  5. Easier to execute all in 1 liner: terraform apply -auto-approve;terraform output espassword

  6. Also, it's possible to create passwords of different length which can be specified at runtime, ex: terraform apply -var 'length=22' -auto-approve;terraform output espassword

Once that done the password will be show in the console, ex:

"w$5(sLht)N>!{IjQ7r" Note: Quotes are not meant to be part of the password

Roberto

More from this blog

U

Understand. Build. Conquer the Cloud

70 posts

No time for a novel? Here are my my Cloud Architect field notes: Distilling my complex cloud adventures into digestible TL;DRs.