mirror of https://github.com/opentofu/opentofu.git synced 2026-05-28 04:15:54 -04:00

History

Diógenes Fernandes a88a1f004e Normalize HCL config paths in `TestComplianceBinary/*` tests on Windows (#3222 ) Signed-off-by: Diogenes Fernandes <diofeher@gmail.com>		2025-09-04 13:59:50 -03:00
..
protocol	convert `.json` files from using `CRLF` to `LF` (#3212 )	2025-08-29 14:03:08 -03:00
testmethod	Normalize HCL config paths in `TestComplianceBinary/*` tests on Windows (#3222 )	2025-09-04 13:59:50 -03:00
command.go	Implement the first part of RFC 20250303-linter-policy (#2577 )	2025-03-10 13:16:27 -04:00
compliance_test.go	Normalize HCL config paths in `TestComplianceBinary/*` tests on Windows (#3222 )	2025-09-04 13:59:50 -03:00
config.go	Fixes #2337 : External encryption method (#2367 )	2025-01-31 12:13:18 -05:00
descriptor.go	Fixes #2337 : External encryption method (#2367 )	2025-01-31 12:13:18 -05:00
protocol.go	Fixes #2337 : External encryption method (#2367 )	2025-01-31 12:13:18 -05:00
README.md	Fixes #2337 : External encryption method (#2367 )	2025-01-31 12:13:18 -05:00

README.md

External encryption method

Warning

This file is not an end-user documentation, it is intended for developers. Please follow the user documentation on the OpenTofu website unless you want to work on the encryption code.

This directory contains the external encryption method. You can configure it like this:

terraform {
  encryption {
    method "external" "foo" {
      keys = key_provider.some.provider
      encrypt_command = ["/path/to/binary", "arg1", "arg2"]
      decrypt_command = ["/path/to/binary", "arg1", "arg2"]
    }
  }
}

The external method must implement the following protocol:

On start, the method binary must emit the header line matching the header schema on the standard output.
OpenTofu supplies the input metadata matching the input schema on the standard input.
The method binary must emit the output matching the output schema on the standard output.