From c9357e490d315ad8c18ff838077034ae17cba301 Mon Sep 17 00:00:00 2001 From: hcornet Date: Sat, 18 Jan 2025 14:23:04 +0100 Subject: [PATCH] Modify : add secret in Vault --- main.tf | 3 +++ provider.tf | 14 +++++++++++++- records_a.tf | 4 ++-- variables.tf | 23 +++++++++++++++-------- 4 files changed, 33 insertions(+), 11 deletions(-) diff --git a/main.tf b/main.tf index e69de29..dda83f8 100644 --- a/main.tf +++ b/main.tf @@ -0,0 +1,3 @@ +data "vault_generic_secret" "cloudflare" { + path = "secret/cloudflare" +} \ No newline at end of file diff --git a/provider.tf b/provider.tf index 021c8af..603cfc5 100644 --- a/provider.tf +++ b/provider.tf @@ -4,11 +4,23 @@ terraform { source = "cloudflare/cloudflare" version = "~> 4.50" } + vault = { + version = "~> 4.6.0" + } } required_version = ">= 1.7.5" } provider "cloudflare" { - api_token = var.cloudflare_api_token + api_token = data.vault_generic_secret.cloudflare.data["api_token"] +# email = data.vault_generic_secret.cloudflare.data["email"] +# ip_server = data.vault_generic_secret.kv-cloudflare.data["ip_server"] +# zone_id = data.vault_generic_secret.kv-cloudflare.data["zone_id"] } +provider "vault" { + address = var.vault_url + skip_child_token = true + skip_tls_verify = true + token = var.vault_token +} diff --git a/records_a.tf b/records_a.tf index 2dcf2e0..cdd3f32 100644 --- a/records_a.tf +++ b/records_a.tf @@ -1,7 +1,7 @@ resource "cloudflare_record" "a-root" { zone_id = var.cloudflare_zone_id comment = "Domain verification record A" - content = var.main_server + content = var.ip_server_a name = "a-root.tips-of-mine.com" proxied = false tags = [] @@ -12,7 +12,7 @@ resource "cloudflare_record" "a-root" { resource "cloudflare_record" "b-root" { zone_id = var.cloudflare_zone_id comment = "Domain verification record B" - content = var.main_server + content = var.ip_server_a name = "@" proxied = false tags = [] diff --git a/variables.tf b/variables.tf index 3b1d231..f9a0b0a 100644 --- a/variables.tf +++ b/variables.tf 
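Review bot: The new `data "vault_generic_secret" "cloudflare"` block in main.tf carries no note that every value it reads, including `api_token`, is persisted in plaintext in the Terraform state and in any saved plan file. No backend configuration is visible in this patch, so whether that state is encrypted and access-restricted cannot be confirmed from here. I would add above the block `# Values read from Vault are stored in state/plan files - keep state in an encrypted, access-controlled backend`.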
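Review bot: `skip_tls_verify = true` in the new `provider "vault"` block turns off certificate validation on the connection that carries both the Vault token and the Cloudflare API token read from it, so a host on the network path could impersonate Vault and obtain both. Remove that line (verification is the default), and if the server uses a private CA, point the provider at it with `ca_cert_file` or the `VAULT_CACERT` environment variable. `skip_child_token = true` makes Terraform use the supplied token directly instead of a short-lived child token, which deserves a comment saying why it is needed. The `vault` entry added to `required_providers` (inside the `terraform` block, which starts above the hunk) has no `source = "hashicorp/vault"`, and the commented-out lines refer to `data.vault_generic_secret.kv-cloudflare`, which this patch does not define.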
@@ -5,13 +5,6 @@ variable "cloudflare_email" { default = "thedjinhn@gmail.com" } -variable "cloudflare_api_token" { - description = "Le jeton de l'API Cloudflare." - type = string - sensitive = true - default = "EiFZGvTTRwOgFB8-OiiNyuLGEPEZvqjM8ckpA-lA" -} - variable "cloudflare_zone_id" { description = "La zone DNS à laquelle ajouter l'enregistrement." type = string @@ -19,9 +12,23 @@ variable "cloudflare_zone_id" { default = "82345d1f868f476b080d5ad04d39bd0c" } -variable "main_server" { +variable "ip_server_a" { description = "Le serveur principal" type = string sensitive = true default = "10.0.4.50" } + +variable "vault_url" { + description = "URL du serveur Vault" + type = string + sensitive = true + default = "https://vault.tips-of-mine.com" +} + +variable "vault_token" { + description = "Token d'acces" + type = string + sensitive = true + default = "hvs.BUXBydP1Iy6leqNIo2wx478p" +}
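Review bot: `variable "vault_token"` in the second variables.tf hunk is added with what looks like a real Vault token as its `default`, so the credential that unlocks `secret/cloudflare` is now committed in place of the Cloudflare token this patch removes. `sensitive = true` only redacts the value in CLI output; it does not protect it in the repository. Drop the `default` line so the token has to be supplied at run time (`TF_VAR_vault_token`, or omit `token` from the provider and let it read `VAULT_TOKEN`), and revoke the committed token. The Cloudflare token deleted in the first hunk remains in Git history and should be rotated as well.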