Dependancies between modules that can support data sources and not outputs for secrets

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.

https://terragrunt.gruntwork.io/

MIT License

8.01k stars 971 forks source link

Dependancies between modules that can support data sources and not outputs for secrets #2038

Open flowinh2o opened 2 years ago

flowinh2o commented 2 years ago

Hello everyone. Is there a way to pass data from one module to another? For example I have a rds database that I am creating in one rds/terragrunt.hcl and then I would like to use a 1password module running in another terragrunt.hcl file. When running the rds stack it would be nice to be able to read the datasource in the 1password via the dependency block without referring to outputs as they should not stored in state. Is this possible?

denis256 commented 2 years ago

Hi, I was thinking to save sensitive data to a file and later reading it through file function

dependency "generator" {
  config_path = "../generator"
  mock_outputs = {
    sensitive_file = "file.txt"
  }
}
inputs = {
  pass = file("../generator/${dependency.m1.outputs.sensitive_file}")
}

flowinh2o commented 2 years ago

Thanks for the suggestion @denis256. In order to do that we would just need to play with the formatting of what is being stored in 1pasword to see if this is something that would work and then just we would need to make sure these files are in .gitignore. Wish we could just use data resource between modules.