Creating and accessing a Database Instance using Secret Manager and Terraform/OpenTofu

secret-manager

terraform

Reviewed on June 19, 2025

In this tutorial, you will use a Terraform/OpenTofu configuration file that builds your entire infrastructure, such as a Database Instance, a secret, and a version in which your database credentials are stored. You will then be able to access your database credentials securely from the Scaleway console.

Before you start

To complete the actions presented below, you must have:

A Scaleway account logged into the console
Owner status or IAM permissions allowing you to perform actions in the intended Organization
A valid API key
Created an SSH key

Clone the GitHub repository and configure your environment variables

The Scaleway GitHub repository contains all the code you need to deploy your infrastructure.

Open a terminal and clone the repository to your local machine using the following command:
```
git clone git@github.com:scaleway/tutorial-sem-terraform.git
```
Access the tutorial-sem-terraform directory:
```
cd tutorial-sem-terraform
```

Paste the following command in your terminal to configure your environment variables. Make sure that you replace the placeholder values with your own.

export SCW_ACCESS_KEY="<SCWxxxxxxxxxxxxxxxxx>"
export SCW_SECRET_KEY="<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>"
export SCW_PROJECT_ID="<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>"
export SCW_ORGANIZATION_ID="<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>"

Understanding the files and directories

In the tutorial-sem-terraform repository, you will find the following folder structure:

examples/
├─ key-value/
   ├─ app/
   ├─ infra/

The key-value folder contains two additional folders named app and infra.
The app folder will interact with the database and ask Secret Manager for the password to connect to the database.
The infra folder contains the files that will configure your database and secret.

Build and deploy your infrastructure

Access the infra folder using the following command:
```
cd examples/key-value/infra
```
Run the following command to download the dependencies and initialize Terraform/OpenTofu:
```
terraform init
```
Run the following command to configure your infrastructure:
```
terraform apply
```

Type yes and Enter when prompted to enter a value. An output similar to the following displays:

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

database_public_endpoint = tolist([
  {
    "endpoint_id" = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    "hostname" = ""
    "ip" = "<public-endpoint>"
    "name" = ""
    "port" = <port>
  },
])

Navigate to the app folder:
```
cd .. && cd app
```
Run the following command:
```
go run .
```
An output similar to the following should display:
```
SCW_DEFAULT_REGION: fr-parSuccessfully connected!
```

Retrieve your database credentials

Click Secret Manager in the Security and Identity section of the Scaleway console side menu.
Click the database_secret secret.
Click the Versions tab.
Click seeMore icon next to the secret version. Your database's credentials display.

Questions?

Visit our Help Center and find the answers to your most frequent questions.

Visit Help Center