encryption.tf
variable "state_encryption" {
# Passphrase that key_provider "pbkdf2" in the terraform.encryption block of
# this file derives the state encryption key from.
# Use a passphrase that is at least 16 characters long.
# No default is declared here, so the value has to be supplied at run time
# (for example via the TF_VAR_state_encryption environment variable); keep it
# out of any .tfvars file that is committed to version control.
# NOTE(review): state encrypted with this passphrase presumably cannot be read
# again if the passphrase is lost -- confirm a recoverable copy is stored
# outside this repository.
type = string
# Redacts the value in plan/apply output.
sensitive = true
}
terraform {
# State encryption configuration, annotated with the steps for migrating an
# existing unencrypted state. As written, steps 1 and 5 are commented out and
# "enforced" is not set.
encryption {
## Step 1: Add the unencrypted method (referenced only by the "fallback"
## block in step 5):
#method "unencrypted" "migrate" {}
## Step 2: Add the desired key provider:
# The key is derived from the passphrase in var.state_encryption, so the
# protection of the state is bounded by the strength and handling of that
# passphrase.
key_provider "pbkdf2" "my_key_provider_name" {
passphrase = var.state_encryption
}
## Step 3: Add the desired encryption method:
method "aes_gcm" "my_method_name" {
keys = key_provider.pbkdf2.my_key_provider_name
}
state {
## Step 4: Link the desired encryption method:
method = method.aes_gcm.my_method_name
## Step 5: Add the "fallback" block referencing the
## "unencrypted" method.
#fallback {
# method = method.unencrypted.migrate
#}
## Step 6: Run "tofu apply".
## Step 7: Remove the "fallback" block above and
## consider adding the "enforced" option:
# NOTE(review): "enforced" is still commented out below; once the migration
# is finished, confirm whether leaving it off is intended.
# enforced = true
}
## Step 8: Repeat steps 4-7 for plan{} if needed.
# No plan{} block is defined in this file, so only the state is covered by
# the method above; saved plan files are not.
}
}