steampipe plugin install turbotsteampipe plugin install turbot

Turbot + Steampipe

Turbot is a cloud governance and security platform with a real-time CMDB for cloud resources.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

For example:

| trunk_title | uri |
| Turbot > IAM > Access Key | tmod:@turbot/turbot-iam#/resource/types/accessKey |
| GCP > Monitoring > Alert Policy | tmod:@turbot/gcp-monitoring#/resource/types/alertPolicy |
| AWS > IAM > Access Key | tmod:@turbot/aws-iam#/resource/types/accessKey |
| AWS > EC2 > AMI | tmod:@turbot/aws-ec2#/resource/types/ami |
| AWS > SSM > Association | tmod:@turbot/aws-ssm#/resource/types/association |
| GCP > Network > Address | tmod:@turbot/gcp-network#/resource/types/address |


Get started


Download and install the latest Turbot plugin:

steampipe plugin install turbot


Installing the latest turbot plugin will create a config file (~/.steampipe/config/turbot.spc) with a single connection named turbot. By default, Steampipe will use your Turbot profiles and credentials exactly the same as the Turbot CLI and Turbot Terraform provider. In many cases, no extra configuration is required to use Steampipe.

connection "turbot" {
plugin = "turbot"

Get involved

Advanced configuration options

If you have a default profile setup using the Turbot CLI, Steampipe just works with that connection.

For users with multiple workspaces and more complex authentication use cases, here are some examples of advanced configuration options:

Credentials via key pair

The Turbot plugin allows you set static credentials with the access_key, secret_key, and workspace arguments in any connection profile.

connection "turbot" {
plugin = "turbot"
workspace = "https://turbot-acme.cloud.turbot.com/"
access_key = "c8e2c2ed-1ca8-429b-b369-010e3cf75aac"
secret_key = "a3d8385d-47f7-40c5-a90c-bfdf5b43c8dd"

Credentials via Turbot config profiles

You can use an existing Turbot named profile configured in /Users/jsmyth/.config/turbot/credentials.yml. A connect per workspace is a common configuration:

connection "turbot_acme" {
plugin = "turbot"
profile = "turbot-acme"
connection "turbot_dmi" {
plugin = "turbot"
profile = "turbot-dmi"

Credentials from environment variables

Environment variables provide another way to specify default Turbot CLI credentials:

export TURBOT_SECRET_KEY=3d397816-575f-4b2a-a470-a96abe29b81a
export TURBOT_ACCESS_KEY=86835f29-1c88-46d9-b6ce-cbe5016842d3
export TURBOT_WORKSPACE=https://turbot-acme.cloud.turbot.com

You can also change the default profile to a named profile with the TURBOT_PROFILE environment variable:

export TURBOT_PROFILE=turbot-acme