upstream/opentofu
1
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2026-05-28 04:15:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
opentofu/website/docs/language/state/examples/encryption/sample.tf

31 lines
733 B
Terraform
Raw Permalink Normal View History

allow static evaluations in encryption configuration (#1728) Signed-off-by: ollevche <ollevche@gmail.com> Signed-off-by: Christian Mesh <christianmesh1@gmail.com> Signed-off-by: Oleksandr Levchenkov <ollevche@gmail.com> Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-06-24 10:18:16 -04:00
variable "passphrase" {
# Change passphrase to be at least 16 characters long:
website: mark input passphrase for state encryption as sensitive Signed-off-by: Paul-Emmanuel Raoul <skyper@skyplabs.net>
2025-05-07 19:39:01 -04:00
default = "changeme!"
sensitive = true
allow static evaluations in encryption configuration (#1728) Signed-off-by: ollevche <ollevche@gmail.com> Signed-off-by: Christian Mesh <christianmesh1@gmail.com> Signed-off-by: Oleksandr Levchenkov <ollevche@gmail.com> Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-06-24 10:18:16 -04:00
}
Cleaning up encryption docs for 1.7.0-beta1 (#1495) Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com> Signed-off-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: Siddhartha Sonker <34684647+siddharthasonker@users.noreply.github.com>
2024-04-18 04:19:17 -04:00
terraform {
encryption {
## Step 1: Add the desired key provider:
Update some names in the encryption docs (#2762) Signed-off-by: Andrei Ciobanu <andrei.ciobanu@opentofu.org>
2025-05-07 09:06:22 -04:00
key_provider "pbkdf2" "my_key_provider_name" {
allow static evaluations in encryption configuration (#1728) Signed-off-by: ollevche <ollevche@gmail.com> Signed-off-by: Christian Mesh <christianmesh1@gmail.com> Signed-off-by: Oleksandr Levchenkov <ollevche@gmail.com> Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-06-24 10:18:16 -04:00
passphrase = var.passphrase
Cleaning up encryption docs for 1.7.0-beta1 (#1495) Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com> Signed-off-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: Siddhartha Sonker <34684647+siddharthasonker@users.noreply.github.com>
2024-04-18 04:19:17 -04:00
}
## Step 2: Set up your encryption method:
Update some names in the encryption docs (#2762) Signed-off-by: Andrei Ciobanu <andrei.ciobanu@opentofu.org>
2025-05-07 09:06:22 -04:00
method "aes_gcm" "my_method_name" {
keys = key_provider.pbkdf2.my_key_provider_name
Cleaning up encryption docs for 1.7.0-beta1 (#1495) Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com> Signed-off-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: Siddhartha Sonker <34684647+siddharthasonker@users.noreply.github.com>
2024-04-18 04:19:17 -04:00
}
state {
## Step 3: Link the desired encryption method:
Update some names in the encryption docs (#2762) Signed-off-by: Andrei Ciobanu <andrei.ciobanu@opentofu.org>
2025-05-07 09:06:22 -04:00
method = method.aes_gcm.my_method_name
Cleaning up encryption docs for 1.7.0-beta1 (#1495) Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com> Signed-off-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: James Humphries <James@james-humphries.co.uk> Co-authored-by: Siddhartha Sonker <34684647+siddharthasonker@users.noreply.github.com>
2024-04-18 04:19:17 -04:00
## Step 4: Run "tofu apply".
## Step 5: Consider adding the "enforced" option:
# enforced = true
}
## Step 6: Repeat steps 3-5 for plan{} if needed.
}
}
Reference in a new issue Copy permalink