Provider Credentials

The Scalr provider credential feature is an easy and secure (encrypted using AES 256) way to automatically pass provider credentials to your workspaces from a centrally managed location. Like most objects in Scalr, credentials are managed at the account scope and then assigned to environments. You can add as many credentials per provider as you want and the credentials need to be assigned to an environment where all workspaces within that environment will inherit the credentials. Credentials can be shared across one or more environments, but only one credential per provider type can be used in each environment. Users at the workspace level will see that credentials exist, but cannot view them. When a Terraform run is executed within a workspace the provider credential will automatically be passed to the run as a shell variable.

If you are using a provider in which Scalr does not have a provider credential option for, you can use the shell variable option to achieve similar functionality.

Configuring Credentials

Configuring provider credentials in Scalr is a three step process:

  1. Create the provider credentials at the account scope by clicking on manage account:

_images/manage_account_creds.png
  1. Click on the Scalr icon on the top left and select provider credentials:

_images/cloud_creds.png
  1. Lastly, link the provider credentials to the required environments by clicking on the environments and then the provider credentials tab:

_images/link_creds.png

Environments can be linked to multiple providers, but there can only one set of credentials per provider type per environment. Scalr currently supports credentials for the following providers. Click the links for guidance on configuring access in these clouds.

Credentials for other providers can be added manually to workspaces by adding shell variables via the variables tab.

Using Provider Credentials

You will see the credentials automatically shared with workspaces once they have been linked to the environment that the workspace is in:

_images/ws_provider_vars.png

The credential parameters can now be omitted from the Terraform configuration as seen in this AWS example:

provider "aws" {
  region     = var.region
}