15

I have set up a Terraform project with a remote back-end on GCP. Now when I want to deploy the infrastructure, I run into issues with credentials. I have a credentials file in

\home\mike\.config\gcloud\credentials.json

In my terraform project I have the following data referring to the remote state:

data "terraform_remote_state" "project_id" {
   backend   = "gcs"
   workspace = "${terraform.workspace}"

   config {
     bucket = "${var.bucket_name}"
     prefix = "${var.prefix_project}"
   }
}

and I specify the cloud provider with the details of my credentials file.

provider "google" {
  version     = "~> 1.16"
  project     = "${data.terraform_remote_state.project_id.project_id}"
  region      = "${var.region}"
  credentials = "${file(var.credentials)}"
}

However, this runs into

data.terraform_remote_state.project_id: data.terraform_remote_state.project_id: 
error initializing backend:
storage.NewClient() failed: dialing: google: could not find default 
credentials. 

If I add

export GOOGLE_APPLICATION_CREDENTIALS=/home/mike/.config/gcloud/credentials.json

I do get it to run as desired. My issue is that I would like to specify the credentials in the Terraform files, as I am running the Terraform commands in an automated way from a Python script where I cannot set the environment variables. How can I let Terraform know where the credentials are without setting the env variable?

3 Answers

22

I was facing the same error when trying to run terraform (version 1.1.5) commands in spite of having successfully authenticated via gcloud auth login.

Error message in my case:

Error: storage.NewClient() failed: dialing: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

It turned out that I also had to authenticate via gcloud auth application-default login and was able to run Terraform commands thereafter.

---

This is because of the following subtle difference between the two commands:

gcloud auth login: Authenticates a user for gcloud and gsutil CLI commands.

gcloud auth application-default login: Authenticates applications (like Terraform, SDKs, or scripts) using Application Default Credentials (ADC).


7

I figured this out in the end.

Also the data needs to have the credentials.

E.g.

data "terraform_remote_state" "project_id" {
  backend   = "gcs"
  workspace = "${terraform.workspace}"

  config = {
    bucket = "${var.bucket_name}"
    prefix = "${var.prefix_project}"
    credentials = "${var.credentials}"  # added
  }
}

1 Comment

missing config = {

2

Provide the service account credentials:

terraform {

  backend "gcs" {
    credentials = "myserviceaccount-credentials-file.json"
    bucket = "my-project-global-bucket"
    prefix = "terraform/state"
  }

}

1 Comment

It works for terraform backend.
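For the Python-driven case in the question, here is an added example (not code from the question or any of the answers) that checks a Google credentials file before use and passes its path to Terraform in the child process environment only, leaving the parent environment untouched. The function names are hypothetical; it assumes POSIX permission bits and a `terraform` binary on `PATH`.

```python
import json
import os
import stat
import subprocess

# Credential file "type" values accepted by Application Default Credentials.
ALLOWED_TYPES = {"service_account", "authorized_user",
                 "external_account", "impersonated_service_account"}


def check_credentials_file(path):
    """Return a list of problems with a credentials file (empty list if OK)."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path} is not a regular file"]
    problems = []
    # A key file readable by group or other can be copied by any local user.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path} has mode {mode:o}; restrict it to 600")
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"{path} is not readable JSON: {exc}"]
    if not isinstance(doc, dict) or doc.get("type") not in ALLOWED_TYPES:
        problems.append(f"{path} has a missing or unexpected 'type' field")
    return problems


def terraform_env(credentials_path, base_env=None):
    """Copy the environment and add GOOGLE_APPLICATION_CREDENTIALS to the copy."""
    problems = check_credentials_file(credentials_path)
    if problems:
        raise ValueError("; ".join(problems))
    env = dict(os.environ if base_env is None else base_env)
    env["GOOGLE_APPLICATION_CREDENTIALS"] = os.path.abspath(credentials_path)
    return env


def run_terraform(args, credentials_path, cwd="."):
    """Run `terraform <args>`; the credentials path exists only in the child env."""
    return subprocess.run(["terraform", *args], cwd=cwd, check=True,
                          env=terraform_env(credentials_path))
```

A call such as `run_terraform(["plan"], "/home/mike/.config/gcloud/credentials.json")` then refuses to start Terraform if the key file is world-readable or malformed.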
