Kloudle
academy

How to authenticate Steampipe with DigitalOcean

Riyaz Walikar
#steampipe#cloudsecurity#digitalocean
Feature image

Introduction

DigitalOcean is an Infrastructure as a Service cloud provider, much like AWS and Google cloud, with a limited set of resources that you can create and manage. Amongst other things, you can run compute instances, databases, Kubernetes clusters, Load Balancers, serverless functions and storage buckets.

Steampipe supports integrating with DigitalOcean using an API key that you can generate within DigitalOcean. Once setup, you can use Steampipe to retrieve information from the cloud provider to be able to query locally.

Configuring steampipe to work with DigitalOcean

To make this work, we will need to

  1. Install the plugin required for Steampipe to work with DigitalOcean
  2. Generate a read only API authentication token from DigitalOcean
  3. Configure Steampipe to work with the generated token

Installing the DigitalOcean plugin

Integrations with Steampipe are called plugins that can be installed using the command line.

  1. To install the DigitalOcean plugin, run the following command

    steampipe plugin install digitalocean

  2. Run the following command to confirm that the plugin is installed correctly

    steampipe plugin list

    Steampipe plugin list

Generating the DigitalOcean Token

A read only token needs to be generated to be provided to Steampipe.

  1. Login to DigitalOcean and navigate to https://cloud.digitalocean.com/account/api/tokens

  2. Under the Tokens/Keys tab, click on the “Generate New Token” button

  3. Give the token a name - for example, “Steampipe Token”. Set an expiration of 30 days (you can increase or decrease this based on your preference) and remove the “Write (optional)” checkbox.

    DigitalOcean Personal Access Token Generate

  4. Click on Generate Token and copy the value displayed. The token starts with the string dop. The token will not be shown again so make sure this is copied.

    DigitalOcean Personal Access Token List

Configure Steampipe to use the generated token

  1. Open the ~/.steampipe/config/digitalocean.spc in your favorite editor

  2. Add the DigitalOcean token obtained in the previous section, at the end of the file and save it

    Steampipe DigitalOcean Configuration File

Testing the set up for DigitalOcean

Once configured, the following commands can be used to figure out if the setup is complete and that DigitalOcean data is being retrieved successfully

  1. Start Steampipe in query mode and query for DigitalOcean resources

    steampipe query
select name from digitalocean_project

    Steampipe DigitalOcean Query

    Steampipe Select Query

  2. You can use .inspect to look at the structure of other tables and query them as standard SQL queries.

    Steampipe Inspect Table Columns

Output formats

A quick note about output formats. Steampipe supports csv, json, table and line output formats.

For example, if you want to see the output to a SQL select command as json, then set the output format to json using .output.

Here’s an example

Steampipe Output Formats

Steampipe Output Format in JSON

← Back to Academy