Stores unencrypted values in tfstate

MeilleursAgents / terraform-provider-ansiblevault

Read ansible vault from Terraform

https://registry.terraform.io/providers/MeilleursAgents/ansiblevault/latest

MIT License

76 stars 19 forks source link

Stores unencrypted values in tfstate #111

Closed designermonkey closed 3 years ago

designermonkey commented 3 years ago

Surely the point of using a vault is to secure encrypted values? I love the idea of being ble to access these values inside terraform, but I am unsure of why they are being stored as unencrypted values in the tfstate file?

I may be missing something with how terraform works, but is there a way to make this plugin not store unencrypted values?

bdronneau commented 3 years ago

Hello @designermonkey ,

Yes with ansible-vault we have encrypted value in our repository but we do not upload tfsate in the same repository. We use GCS backend with encryption key. You can see recommendations here

designermonkey commented 3 years ago

Ah right ok. It would still be interesting to know if the data could be omitted from the state, but I guess that's a design problem for terraform to solve.

bdronneau commented 3 years ago

Yes. I'll close this issue if it's good for you