snippetterraformMinor
How to hide/mask credentials stored at terraform state file
Viewed 0 times
storedfilemaskcredentialsstatehowhideterraform
Problem
In terraform, when we create a resourcekey for eg ibm_resource_key, all the credentials created are stored in plain text in state file.
Question is how to hide/mask the credential section/ secret sections in state file.
Options are to store the state file itself in some safe place like S3 , vault etc, but is there a way to hide the info in state file itself?
Question is how to hide/mask the credential section/ secret sections in state file.
Options are to store the state file itself in some safe place like S3 , vault etc, but is there a way to hide the info in state file itself?
Solution
The tfstate file can be thought of as your "executable". So no, you cannot hide/remove sensitive values from it.
What you can do, however, is to store it safely. Terraform offers tutorials on how to configure your backend to store the tfstate (because this file must never make it to your Git repository). Usually it consists of an S3 bucket (to store the contents) and a DynamoDB table (for version management).
What you can do, however, is to store it safely. Terraform offers tutorials on how to configure your backend to store the tfstate (because this file must never make it to your Git repository). Usually it consists of an S3 bucket (to store the contents) and a DynamoDB table (for version management).
Context
StackExchange DevOps Q#16697, answer score: 1
Revisions (0)
No revisions yet.