terraform-credentials-gcs is a Terraform "credentials helper" plugin that allows providing credentials for Terraform-native services (private module registries, Terraform Cloud, etc) publish in private Google Cloud Storage bucket.
To use it, download a release archive and extract it into the ~/.terraform.d/plugins directory where Terraform looks for credentials helper plugins. (The filename of the file inside the archive is important for Terraform to discover it correctly, so don't rename it).
Terraform will take the newest version of the plugin it finds in the plugin search directory, so if you are switching between versions you may prefer to remove existing installed versions in order to ensure Terraform selects the desired version.
Once you've installed the plugin, enable it by adding the following block to your Terraform CLI configuration: credentials_helper "gcs" {}.
This credentials helper plugin does not take any additional arguments, so the block must be left empty as shown above.
To enable authentication on Google Cloud Storage, use at least:
- Use
gcloudwithgcloud auth login --update-adc --no-launch-browser export GOOGLE_APPLICATION_CREDENTIALS=/path/to/your/service/account/file.json: file pathexport GOOGLE_CREDENTIALS=$(cat /path/to/your/service/account/file.json | tr -d "\n"): file content
This will provided authentication to golang.org/x/oauth2/google wich understand these methods. See https://cloud.google.com/docs/authentication/production.
This helper will store credentials for registries in $HOME/.config/terraform-credentials-gcs.