semaphoreui / semaphore

Modern UI and powerful API for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools.
https://semaphoreui.com
MIT License

Question: How do you manage the tfstate? #2390

Open bykof opened 1 month ago

bykof commented 1 month ago

Question

I have a Git repository where I manage all my servers, and I want to have a state shared across Semaphore and team members, who could possibly make a tofu apply manually. How do you share the tfstate? Do you commit it to the Git repository?

Related to

No response

bykof commented 1 month ago

So I just saw this. Is this the preferred way to do it? https://developer.hashicorp.com/terraform/language/state/remote

fiftin commented 1 month ago

Hi @bykof, I already started implementing a backend for Terraform. It will be available soon.

melroy89 commented 5 days ago

I was considering Semaphore UI, just to check out what it can do. But I noticed Christian Lempa also mentioned this issue with state files (for Terraform) not being persistent.

I don't want to depend again on external services hosted by HashiCorp. So what about just creating a persistent volume or volume mount for people who run Semaphore UI using Docker? That shouldn't be hard, right? You just let the user store this file outside the Docker container basically.

bykof commented 4 days ago

@melroy89 you could use state encryption to commit the encrypted file to Git and then env variables reseal the encrypted state. https://opentofu.org/docs/language/state/encryption/

melroy89 commented 4 days ago

> @melroy89 you could use state encryption to commit the encrypted file to Git and then env variables reseal the encrypted state. https://opentofu.org/docs/language/state/encryption/

Nice, I see. That could also be a good alternative. I just wanted to highlight one notice from that webpage, just so people don't miss it:

> Once your data is encrypted, do not rename key providers and methods in your configuration! The encrypted data stored in the backend contains metadata related to their specific names.
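A guard for the "commit the encrypted state to Git" approach discussed in this thread, as an added example that is not code from any participant, from Semaphore or from OpenTofu: it refuses staged `.tfstate` files that still parse as plaintext state. The function names, file paths and sample documents are hypothetical and constructed for illustration.

```python
from __future__ import annotations
import json

# Top-level keys of a plaintext state file (format version 4).
PLAINTEXT_KEYS = {"terraform_version", "resources", "outputs"}
STATE_SUFFIXES = (".tfstate", ".tfstate.backup")


def check_state_file(path: str, content: str) -> str | None:
    """Return a reason to block the commit, or None if the file may pass."""
    if not path.endswith(STATE_SUFFIXES):
        return None  # not a state file: out of scope for this guard
    try:
        doc = json.loads(content)
    except json.JSONDecodeError:
        # Fail closed: e.g. a merge-conflicted or truncated state file.
        return "not valid JSON, cannot tell whether it is encrypted"
    if not isinstance(doc, dict):
        return "unexpected JSON shape"
    exposed = sorted(doc.keys() & PLAINTEXT_KEYS)
    if exposed:
        res = doc.get("resources")
        count = len(res) if isinstance(res, list) else 0
        return f"plaintext state ({', '.join(exposed)}; {count} resource(s) readable)"
    return None


def blocked_files(staged: dict[str, str]) -> dict[str, str]:
    """Map every staged path that must not be committed to the reason."""
    reasons = ((p, check_state_file(p, c)) for p, c in staged.items())
    return {p: r for p, r in reasons if r}


# Constructed sample input. The encrypted document's field names are assumed
# for illustration; the guard relies only on the absence of plaintext keys.
SAMPLE_STAGED = {
    "main.tf": 'resource "null_resource" "x" {}',
    "plain/terraform.tfstate": json.dumps({
        "version": 4, "terraform_version": "1.8.0", "serial": 7, "outputs": {},
        "resources": [{"type": "example_db", "name": "main",
                       "instances": [{"attributes": {"password": "constructed"}}]}],
    }),
    "sealed/terraform.tfstate": json.dumps({
        "serial": 7, "lineage": "constructed", "encrypted_data": "Y29uc3RydWN0ZWQ=",
    }),
    "broken/terraform.tfstate": "<<<<<<< HEAD",
}

if __name__ == "__main__":
    for path, reason in blocked_files(SAMPLE_STAGED).items():
        print(f"BLOCK {path}: {reason}")
```

Wired into a pre-commit hook or CI job, a non-empty result from `blocked_files` should fail the commit, since a plaintext state pushed once stays readable in Git history.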