Secret management with terraform cdk
Question
In the past I've used Pulumi which offers a secrets management solution that allows stack based secrets to be checked into git while being encrypted.
I've been looking for a similar solution with Terraform CDK and haven't found one. Does Terraform CDK offer a similar solution so that I don't have to expose my stack based secrets (like mongoPassword in the Pulumi example above)?
1 answers
solution1
1 ACCPTED 2023-01-08 14:40:51
Unlike Pulumi, all secrets in terraform are stored in your state in plaintext. There's an issue that's been open for 8 years (at the time of writing this answer): https://github.com/hashicorp/terraform/issues/516
There's also a Gruntworks post on best practice, which specifically states that the secrets aren't encrypted: https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1 (relevant bit about the state is here: https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1#c49b )
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.