Protecting secrets in a Git repository
Terraform doesn't provide any built-in way of securing your state
file. Neither is there a way to secure only some part of it or even provide encrypted data inside your templates. And it's a shame because sooner or later you will have to use some kind of secrets with your templates: passwords, API keys, and others. If you plan to store your state
file in the git
repository, it's important to protect it. The easiest solution is to encrypt the whole state
file, store the encrypted version in the repository, and distribute the key for decryption with your team members.
You could make this task easier with the help of a tool named terrahelp
. Terrahelp is a small CLI written in Go that simplifies the encryption ...
Get Getting Started with Terraform now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.