Skip to main content

Using Private Repositories

If the repository containing the terraform module is private and requires credentials to retrieve, you can add the authentication details to a secret held within the namespace.

Let's assume we have a terraform module hosted in a private Github repository. Here's how to add authentication details:

  1. Create an SSH deployment key for the repository with the ability to clone.

  2. Create a Kubernetes secret in the namespace containing the SSH private key.

    $ kubectl -n apps create secret generic ssh --from-file=SSH_KEY_AUTH=id.rsa
  3. Update the Terraform module configuration resource, setting the [NAME] to the name of the secret:

    name: ssh
  4. Reference a git repository as the module source

    module: git::ssh://<TAG|BRANCH|COMMIT>

If you need to extract a specific folder within the repository the syntax git::ssh://<TAG|BRANCH|COMMIT>

The same process can be followed for GIT over HTTP; simply add GIT_USERNAME and GIT_PASSWORD to the secret.

What sources are supported?

We use the same library as Terraform, go-getter that supports:

  • Git
  • Mercurial
  • HTTP
  • Amazon S3
  • Google GCP

For full details, see