Add opentofu encryption

main.tf

@@ -16,6 +16,21 @@ terraform {
     skip_requesting_account_id  = true
     skip_s3_checksum            = true
   }
+
+  encryption {
+    key_provider "pbkdf2" "encryption" {
+      passphrase = var.passphrase
+    }
+
+    method "aes_gcm" "encryption" {
+      keys = key_provider.pbkdf2.encryption
+    }
+
+    state {
+      method = method.aes_gcm.encryption
+      enforced = true
+    }
+  }
 }
 
 module "services" {

variables.tf

@@ -1,3 +1,7 @@
+variable "passphrase" {
+  sensitive = true
+}
+
 variable "backend_access_key" {
   sensitive = true
 }