While Terracost was designed with an assumption that the cost estimation backend is a fully trusted environment, this might not always be the case. The plan file may contain private and confidential data that the user should not send over network, especially to an untrusted backend.
Suggestions/ideas
The library needs to accept anonymized cost keys, that can be extracted from a Terraform plan (or tfstate) locally. The extraction could be performed using a third-party tool, though a function and command line utility should also be provided by Terracost.
The cost keys should only contain data about the resources that is absolutely necessary to perform the estimation. All other data must be stripped from the plan.
Implementation details
implement a function and command line utility to extract anonymized cost keys from a Terraform plan
accept the cost keys, in addition to the tfplan format, for cost estimation
Abstract
While Terracost was designed with an assumption that the cost estimation backend is a fully trusted environment, this might not always be the case. The plan file may contain private and confidential data that the user should not send over network, especially to an untrusted backend.
Suggestions/ideas
The library needs to accept anonymized cost keys, that can be extracted from a Terraform plan (or tfstate) locally. The extraction could be performed using a third-party tool, though a function and command line utility should also be provided by Terracost.
The cost keys should only contain data about the resources that is absolutely necessary to perform the estimation. All other data must be stripped from the plan.
Implementation details