Terraform doesn't provide any built-in way of securing your
state file. Neither is there a way to secure only some part of it or even provide encrypted data inside your templates. And it's a shame because sooner or later you will have to use some kind of secrets with your templates: passwords, API keys, and others. If you plan to store your
state file in the
git repository, it's important to protect it. The easiest solution is to encrypt the whole
state file, store the encrypted version in the repository, and distribute the key for decryption with your team members.
You could make this task easier with the help of a tool named
terrahelp. Terrahelp is a small CLI written in Go that simplifies the encryption ...