can you share any video tutorials resource where I can learn terraform CDKTF step by step ?

Thanks for sharing, this content helps us to build the correct Internal Developer Platform, too many companies solving this by creating their own IDP, but Backstage is attractive nowadays

Muito foda o desafio enfrentado (e vencido!). Parabéns também por compartilhar a questão da Neurodivergência.

So, practically, what does an employee install and configure on their computer to have access?

Hi Nic. Fantastic content, thank you for creating this. In a future iteration it would be great to point out that we strongly advise against using a Client Secret for real world workloads. We recommend using OIDC (Workload identity federation) or failing that a managed identity. This removes the need to manage and rotate a secret. If developing locally you can just use the az cli, no need to create a service principal (app registration). Thanks again for creating this.

A fantastic demo. Thanks for all the work you did here

Could you make use of terraform hooks to check the status of the init cloud config ?

Can we have some final decision on Stanza versus Block? I have witnessed a few more mentions of "Stanza" with respect to Terraform than I generally have seen. It usually seemed limited to folks that first used Consul or Vault.

Great info

Great information !

Music opens up very loud

Very nice initiative to reach millions of Arab engineers and students. شكرا

Great information from the source

Great Stuff! Thanks for the informative session on Vault Events. I was trying to enable it on my local system by running the command "vault server -experiment events.alpha1" but it says that I need to specify at least one config path by using -config. Any suggestions! Thank you :)

Thank you!!!

It was very informative session nicely explained by Rose 🌹 and thanks to Cole for organising such a wonderful meeting.

Thanks so much for the video , brother you saved me a lot of trouble

Hi, I have a a Kubernetes Cluster and a Nomad Cluster. I also have a single Consul Server installed in a VM outside of Nomad & K8S. I want to achieve workload load balancing / failover between K8s and Nomad. So in this case as I only have 1 Consul Server (since this for test purposes) can I still make use of Consul WAN Federation between the 2 clusters or else what path should I take to achieve my expectation. Thanks!

Great talk, thank you!

많이 배웠습니다

How timely

Is there support for events subscription via vault agent side car in kubernetes?

so i wanted my app to use vault, so i still have 2 places with secrets, vault and the place where my app has the access credentials to vault or am I overseeing something? is it really only 1 place with credentials if you use vault with the other products like consul?

I'm quite puzzled about the purpose of the generic resource modules, the ones imported from the git submodule. At a first glance they're one-to-one mappings to hashicorp/azurerm resources, effectively duplicating their structure. The differences that I see are: 1. This extra layer hides some arguments exposed by the hashicorp/azurerm resources 2. It might provide some defaults for what would otherwise be required arguments in a hashicorp/azurerm resource 3. Sometimes they use `for_each` and `dynamic` to cater for repeated arguments in certain hashicorp/azurerm resources However, out of 33 "generic resources": ``` find . -type f -name '*.tf' -not -name variables.tf | wc -l ``` there are only 10 `for_each` occurrences in 7 files: ``` find . -type f -name '*.tf' -not -name variables.tf -exec grep for_each {} \; | wc -l ``` ``` find . -type f -name '*.tf' -not -name variables.tf -exec grep -c for_each {} \; | sed -n '/0/!p' | wc -l ``` Now, as if this wasn't enough, he's also parameterizing the resource instantiations with locals in his root module, effectively introducing yet another no-op layer. At the end, the two layers don't seem to add much value. If they do, I fail to see in what scenarios they would add that value. In any case, I'm positive they don't _always_ add value. The final idea, of using maps and lists based on which resources get generated is definitely useful, but that's obviously possible without the two indirection layers (or one depending on how you count).

When can we expect part 2?

So, the whole benefit over the open-sourced Packer is that introduced Packer Registry where you store the Metadate and control the Image versioning from there, instead doing it from AWS/Azure? In your terraform script instead of reading it from Azure/AWS, you are going to read it from Packer Registry. Any other benefits?

from which file in repository , i can refer the command to create vault policy, key, auth and role creation steps,

@Hashicorp - Can HCP rotate Windows and Linux Secrets password? Can you share some documentation

Wonderful. Can you also please show for Dynamic secret

Hi i have a question regrading vault agent. I’m working on integrating HashiCorp Vault into our application using Vault Agent for authentication. The initial setup works well, where the application reads the Vault token from a file generated by Vault Agent and uses it to authenticate with the Vault server. However, I’m concerned about handling scenarios where the token’s max TTL is reached, and a new token is generated by Vault Agent. Currently, our application reads the token once during initialization and uses it for subsequent operations. If the token expires and a new one is generated, the application wouldn’t automatically know about the new token, which could lead to failed operations. To address this, I am thinking to implement a file watcher that monitors the token file for changes. When a new token is generated, the watcher reloads the token and updates the Vault client. While this seems to work in theory, I want to ensure that we’re following best practices and not missing any important considerations. Here are the specific questions I have: Is monitoring the token file for changes and reloading the token dynamically the recommended approach for handling token renewal with Vault Agent? Are there any potential pitfalls or edge cases I should be aware of when implementing this solution? Are there more efficient or reliable methods to ensure the application always has access to a valid token, especially in high-availability or production environments? I’d appreciate any feedback or suggestions on improving this implementation.

Do you have a video on using boundary client to rds?

Great video! however for me.. in order to reference the appropriate git tag, I had to do [email protected]:org/repo.git//<module>?ref=v1.0 instead of doing repo.git?ref=tag//module

When is part 2 coming?

Dear Mr Dadgar, Thank you. This short presentation is enlightening, insightful and inspires some ideas. Among developers, please include machine learning engineers and data engineers who are at least consumers of platforms too.

Does terraform cloud work best with github, or will it work equally well with github and gitlab?

This duo explained things so well that I'm looking for more videos of these two.

Can you show details of calling terraform no code provisioning using the apis , so we can call from our itsm tool , can you link to your sample code

Great to have such information from the source

Charming and interesting explanation, thank you

Muito conteúdo de excelência em uma só palestra, parabéns a Hashicorp por montar esse timaço

Thanks for sharing!

Can waypoint action be used to run custom scripts or perform toolkit installations on a newly deployed EC2 instance / VM ?

Hi! Can we run tests for modules with tags instead of branches? It is not possible to change anything in the configuration.

Is HCP boundary is a identity provider tool like Okta, luminate ??

Can an external storage be hooked with Vault Cluster. Like the external secret operator does

Great session team!

What a excellent and well facilitated session. Way to go Team India!

great talk thnx

🖤

I watched it for 2nd time for the Vault dynamic secrets. So. $vault lease reovke -force -prefix <>. should not be used ? What is the preferred way here then.