Remediate AWS CIS v3.0 and v4.0 with Flowpipe's interactive wizard →
DocsHubBlogChangelogSlack CommunityGitHub
Download
Get Involved
Edit on GitHub

Credential Import

Important

As of Flowpipe 1.0.0, credential_import has been renamed to connection_import. The credential_import resource is deprecated and will be removed in a future version of Flowpipe. Use connection_import instead.

The credential_import resource allows you to bulk import credentials from other systems & formats. credential_import is a top-level block defined in config files (*.fpc) like credential and workspace.

credential_import "steampipe" {
  source      = "~/.steampipe/config/*.spc"
  connections = ["*"]
  prefix      = "sp1_"
}

Imported credentials are converted to the native Flowpipe credential type - Steampipe aws connections become aws credentials, slack connections are slack credentials, etc.

The imported credentials are merged into the map of all credentials like any other credential, and they are referenced the same way. For example, if you have connections defined as:

connection "gcp_dev_aaa" {
  plugin    = "gcp"     
  project   = "dev-aaa"            
}


connection "gcp_demo" {
  plugin    = "gcp"     
  project   = "demo"            
}


connection "aws_001" {
  plugin  = "aws"
  regions = ["*"]
  profile = "aws-001"
}


connection "aws_002" {
  plugin  = "aws"
  regions = ["*"]
  profile = "aws-002"
}


connection "slack" {
  plugin  = "slack"
  token   = "xoxp-12345678902345"
}

and import with:

credential_import "steampipe" {
  source      = "~/.steampipe/config/*.spc"
  connections = ["*"]
}

Then they will be available in Flowpipe as:

credential.gcp.gcp_dev_aaa
credential.gcp.gcp_demo
credential.aws.aws_001
credential.aws.aws_002
credential.slack.slack

and they will have the same attributes as the native Flowpipe credential types:

credential.gcp.gcp_dev_aaa.access_token
credential.aws.aws_001.env
credential.aws.aws_001.access_key
credential.aws.aws_001.secret_key
credential.aws.aws_001.session_token
credential.slack.slack.token
# etc...

If you specify a prefix, the credential names will be prepended with it:

credential_import "steampipe" {
  source      = "~/.steampipe/config/*.spc"
  connections = ["*"]
  prefix      = "sp1_" 
}

Results in:

credential.gcp.sp1_gcp_dev_aaa
credential.gcp.sp1_gcp_demo
credential.aws.sp1_aws_001
credential.aws.sp1_aws_002
credential.slack.sp1_slack

If there is a name conflict for any credentials, Flowpipe will throw an error when loading.

At this time, you may only use a single import_credential block.