cloud-native-toolkit / iascable

IasCable is a node/typescript library to build installable component infrastructure components from a catalog of available modules
MIT License
13 stars 8 forks source link

Handling of Terraform state including credentials #194

Open nheidloff opened 2 years ago

nheidloff commented 2 years ago

When working with more than one person with Terraform, the question comes up how to share Terraform state information. Usually this is done by using external storage like S3. What is our advice?

This video explains options: https://youtu.be/7xngnjfIlK4?t=1988 and https://youtu.be/7xngnjfIlK4?t=5769 The option to use as many modules as possible and to have different values for different environments makes sense to me.

A related question is how to handle secrets, not at runtime/in Kubernetes clusters, but for running Terraform. Should all credentials be put in credentials.properties and should .gitignore be used? Could these secrets be somehow sealed too? Where should they be stored and shared?

triceam commented 2 years ago

This should be documentation/best practices on https://operate.cloudnativetoolkit.dev. At this time we do not plan on addressing terraform state management or shared state within the module framework.