From f8bb2d82c9bb692a315866fc023888f473d23dc3 Mon Sep 17 00:00:00 2001
From: Tobias Reisinger
Date: Wed, 9 Oct 2024 21:31:38 +0200
Subject: [PATCH] Add opentofu encryption

---
 main.tf | 15 +++++++++++++++
 variables.tf | 4 ++++
 2 files changed, 19 insertions(+)

diff --git a/main.tf b/main.tf
index 8dbc4cb..7d2238a 100644
--- a/main.tf
+++ b/main.tf
@@ -16,6 +16,21 @@ terraform {
 skip_requesting_account_id = true
 skip_s3_checksum = true
 }
+
+ encryption {
+ key_provider "pbkdf2" "encryption" {
+ passphrase = var.passphrase
+ }
+
+ method "aes_gcm" "encryption" {
+ keys = key_provider.pbkdf2.encryption
+ }
+
+ state {
+ method = method.aes_gcm.encryption
+ enforced = true
+ }
+ }
 }
 
 module "services" {
diff --git a/variables.tf b/variables.tf
index c3fcffd..12fd053 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,7 @@
+variable "passphrase" {
+ sensitive = true
+}
+
 variable "backend_access_key" {
 sensitive = true
 }
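Review bot: Only `state` is covered by the new `encryption` block in main.tf, so plan files saved with `tofu plan -out=...` stay in cleartext even though they carry the same sensitive values; a sibling `plan` block with `method = method.aes_gcm.encryption` and `enforced = true` would close that gap. If the backend already holds an unencrypted state, `enforced = true` with no `fallback` will presumably make the first run refuse to read it, so the migration path (a temporary `method "unencrypted"` fallback that is removed afterwards) deserves a comment above the block. The enclosing `terraform` block starts outside the hunk.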
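Review bot: `variable "passphrase"` in variables.tf is declared with `sensitive = true` only, so nothing records what it protects or how it must be supplied; add `type = string` and a `description` such as `"Passphrase for the pbkdf2 state-encryption key provider; losing it makes the encrypted state unreadable"`. As far as I know the pbkdf2 key provider rejects passphrases shorter than 16 characters, which is worth stating in the description so the failure is not first met at init time. The value should come from the environment (`TF_VAR_passphrase`) or a secret store rather than a committed tfvars file, because `sensitive` only masks CLI output and does not protect the value at rest.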