This message was deleted.
# atlantis-communitys
Slackbot
04/14/2023, 7:37 AMThis message was deleted.
b
Bruno Schaatsbergen
04/14/2023, 7:48 AMThis seems more like a Terraform specific question, but I would suggest to either use a Secret Manager or make a KMS key and encrypt it locally using the KMS key, then commit and decrypt the secret in Terraform.
Bruno Schaatsbergen
04/14/2023, 7:48 AMTreat your Terraform state as a secret too, as in Terraform secrets are never secret 😉
🤞 2
p
PePe Amengual
04/14/2023, 3:25 PMor parameter store can be used if you are are an aws user
g
Gabor Maghera
04/14/2023, 9:21 PMRemote state will expose your data source lookups.
Gabor Maghera
04/14/2023, 9:22 PMSOPS is a good way to go.
If you use Terragrunt, there’s support for it built in. But there’s a way to do it via pure Terraform too.
You’ll be storing secrets in code and remote state, but encrypted and unusable with something like KMS decrypting it (when used).
this 1
p
pomcho555
04/15/2023, 4:42 PMHashicorp Vault or AWS secret manager is our choice. These are straight forward to use.
b
Ben
04/17/2023, 10:36 AMThank you so much for this! I've taken these ideas to the team and we're making a decision on this 😄
b
Bruno Schaatsbergen
04/17/2023, 10:36 AM👌 !
g
Gabor Maghera
04/18/2023, 12:21 AM@pomcho555 check your remote state, anything you reference from Vault or AWS Secrets Manager will show inside.
Gabor Maghera
04/18/2023, 12:21 AM(we do the same thing with AWS Secrets Manager, and depending on how much protection you want it may or may not be enough)
p
pomcho555
04/19/2023, 3:52 PMThanks for the advice.
I assume dynamic secret on Vault is also decent option.