feat: remove fastly secret store item

Orkuncakilkaya · Orkuncakilkaya · commit d4a228396503 · 2025-06-20T12:51:00.000+03:00
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Prerequisites
 
-* Create a `terraform.tfvars` file, fill your `fastly_api_key`, `integration_domain`, `main_host`, `get_result_path`, `agent_script_download_path`, `proxy_secret`
+* Create a `terraform.tfvars` file, fill your `fastly_api_key`, `integration_domain`, `main_host`, `get_result_path`, `agent_script_download_path`
 * Create an empty Fastly Compute service and copy the id
 * Paste the id in `terraform.tfvars` file like this:
 ```terraform
@@ -34,6 +34,9 @@ terraform import fastly_service_compute.fingerprint_integration "<your_service_i
 terraform apply
 ```
 
+> After you deployed your service via terraform, you need to add Secret Store item with key PROXY_SECRET
+> to Secret Store created via Terraform and fill your value. This approach is suggested by Fastly. For details please see [this link](https://registry.terraform.io/providers/fastly/fastly/latest/docs/resources/secretstore) and check Note section.
+
 # Destroy
 
 To destroy, run this:
@@ -45,8 +48,4 @@ terraform destroy
 
 * In our implementation for Fastly Compute, we support multiple proxy integrations in one account, in order to do this, we bind store names with compute service id.
 To apply this on terraform, we run in to cyclical dependency problem. In order to fix this, we rely on already created empty service and its ID.
-* Fastly Terraform Provider officially doesn't support storing secret items via terraform.
-So we are using MasterCard's RestApi provider to put our `PROXY_SECRET`.
 * If you use your own custom asset, then you need to maintain your asset's version on your own!
-* If you use plugin system for Fastly Compute Proxy Integration, this module doesn't support KV Store yet! It'll be implemented in the future
-* This module doesn't create TLS certificate for your service yet! It'll be implemented in the future
diff --git a/main.tf b/main.tf
@@ -4,27 +4,13 @@ terraform {
       source  = "fastly/fastly"
       version = ">= 7.0.0"
     }
-    restapi = {
-      source  = "Mastercard/restapi"
-      version = "2.0.1"
-    }
   }
 }
 
 provider "fastly" {
   api_key = var.fastly_api_key
 }
 
-provider "restapi" {
-  uri = "https://api.fastly.com"
-  headers = {
-    "Fastly-Key" = var.fastly_api_key
-  }
-  id_attribute         = "id"
-  write_returns_object = true
-  copy_keys = ["id"]
-}
-
 module "compute_asset" {
   count                        = var.download_asset ? 1 : 0
   source                       = "./modules/download_asset"
@@ -68,16 +54,6 @@ resource "fastly_secretstore" "integration_secret_store" {
   name = local.secret_store_name
 }
 
-resource "restapi_object" "add_proxy_secret" {
-  data = jsonencode({ "name" = "PROXY_SECRET", "secret" = base64encode(var.proxy_secret) })
-  path          = "/resources/stores/secret/${fastly_secretstore.integration_secret_store.id}/secrets"
-  depends_on = [fastly_secretstore.integration_secret_store]
-  object_id     = "PROXY_SECRET"
-  lifecycle {
-    ignore_changes = all
-  }
-}
-
 resource "fastly_service_compute" "fingerprint_integration" {
   name = var.integration_name
 
@@ -142,7 +118,7 @@ resource "fastly_service_compute" "fingerprint_integration" {
 
   depends_on = [
     fastly_configstore.integration_config_store, fastly_configstore_entries.integration_config_store_entries,
-    fastly_secretstore.integration_secret_store, restapi_object.add_proxy_secret
+    fastly_secretstore.integration_secret_store
   ]
 }
 
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -4,6 +4,5 @@ main_host = "metrics-origin.mydomain.com" # Set here to something like metrics-o
 integration_path = "" # Main path to serve this proxy integration from. Please use random string minimum 6 characters long, no special characters like `w2kz84h`
 agent_script_download_path = "" # Fingerprint Javascript Agent download path. Please use random string minimum 6 characters long, no special characters like `w2kz84h`
 get_result_path = "" # Fingerprint Identification endpoint path. Please use random string minimum 6 characters long, no special characters like `w2kz84h`
-proxy_secret = "" # Obtain this proxy secret from fingerprint.com dashboard
 kv_store_enabled = true # Enable KV Store service deployment
 kv_store_save_plugin_enabled = "true" # Enable Fingerprint's builtin KV Store Open Client Response plugin
diff --git a/variables.tf b/variables.tf
@@ -35,11 +35,6 @@ variable "get_result_path" {
   default = "result"
 }
 
-variable "proxy_secret" {
-  type = string
-  sensitive = true
-}
-
 variable "repository_organization_name" {
   type    = string
   default = "fingerprintjs"
