Add opentofu encryption

2024-10-09 21:31:38 +02:00 · 2024-10-09 21:31:38 +02:00 · f8bb2d82c9
commit f8bb2d82c9
parent 424e1db07f
2 changed files with 19 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@ -16,6 +16,21 @@ terraform {
    skip_requesting_account_id  = true
    skip_s3_checksum            = true
  }
+
+  encryption {
+    key_provider "pbkdf2" "encryption" {
+      passphrase = var.passphrase
+    }
+
+    method "aes_gcm" "encryption" {
+      keys = key_provider.pbkdf2.encryption
+    }
+
+    state {
+      method = method.aes_gcm.encryption
+      enforced = true
+    }
+  }
 }

 module "services" {
--- a/variables.tf
+++ b/variables.tf
@ -1,3 +1,7 @@
+variable "passphrase" {
+  sensitive = true
+}
+
 variable "backend_access_key" {
  sensitive = true
 }