Closed designermonkey closed 3 years ago
Hello @designermonkey ,
Yes with ansible-vault we have encrypted value in our repository but we do not upload tfsate
in the same repository. We use GCS backend with encryption key.
You can see recommendations here
Ah right ok. It would still be interesting to know if the data could be omitted from the state, but I guess that's a design problem for terraform to solve.
Yes. I'll close this issue if it's good for you
Surely the point of using a vault is to secure encrypted values? I love the idea of being ble to access these values inside terraform, but I am unsure of why they are being stored as unencrypted values in the tfstate file?
I may be missing something with how terraform works, but is there a way to make this plugin not store unencrypted values?