You don't want to store secrets in state files. Imagine you run a CI/CD system w... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		yeukhon on Dec 5, 2018 \| parent \| context \| favorite \| on: Hashicorp Vault v1.0 You don't want to store secrets in state files. Imagine you run a CI/CD system where you run terraform plan. Now secrets is all public.

toomuchtodo on Dec 5, 2018 | [–]

https://github.com/hashicorp/terraform/issues/516

TLDR: Terraform should use Vault for storing secrets in state, but does not support it yet.

(it is occasionally unavoidable storing secrets in state due to resources orchestrated)

zimbatm on Dec 5, 2018 | [–]

That's fine. Secrets are market as "sensitive" and not displayed in the plan output.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact