How to Manage Secrets in Terraform?


▬▬▬▬▬ Experience & Location 💼 ▬▬▬▬▬
► I’m a Senior Software Engineer at Juniper Networks (12+ years of experience)
► Located in San Francisco Bay Area, CA (US citizen)

▬▬▬▬▬▬▬ Timestamps ⏰ ▬▬▬▬▬▬▬
0:00 Intro
3:46 Environment Variables
10:12 Encrypted Files (KMS, PGP, SOPS)
14:08 Secret Stores (Vault, AWS/GCP Secrets Manager)

#terraform #devops #cloud
Comments

Another cool way is to store the sensitive values in SSM Parameter Store and then use the data source to pull them into your Terraform.

iwutmbk

Anton, you can't even imagine how much you helped me. Thank you!

yasharsultanov

Thank you, a very useful lesson, I even saved it to my bookmarks.

kruchkov.alexandr

Very informative video, I didn't know about the "pass" password manager. Thank you.

gorandev

Thank you for this great video. You do priceless things here.

azerbaijan

Hi Anton, as usual, really great content. Kudos to you for putting out such high-quality content every time.

Maybe you can do a playlist on central logging solutions for k8s pods. Just a suggestion for future videos. Thanks again. Appreciate the effort you put behind these videos. 🎉

karthikreddy

Due to recent AWS provider changes we can get rid of passwords for RDS using the manage_master_user_password attribute :)

Databases for me were the last thing that required creating passwords. Everything else can be managed with IAM roles without passwords/keys at all.

Wzooff

A very k8s-centric (i.e. the private key stays inside the cluster) method of encrypting secrets and being able to save them external to the cluster is via Bitnami's sealed secrets.

scottamolinari

Great video, especially the second part. Thanks in advance. Would you please explain: after securing the secrets with the latest method, do we still have them as plain text in the state file or not? You didn't demo that part at the end of your video.

aminniktash

Awesome! Btw, I'm using Vault hosted on an EC2 for storing secrets recently. What's your opinion about its downsides when compared to managed services? Besides having to manage it yourself lol

suoncha

Is there a way to extract credentials from Azure vault, run Terraform, and pass these values to Azure pipeline solutions? I'm looking for a similar solution in Azure around service principal.

SANTOSHSINGHU

Show us how to do it using HashiCorp Vault

yogithakakarla

Sir, can you teach us how to create a cross-account deployment using a Terraform module in a Jenkins CI/CD pipeline?

samratchaudhary

Am I understanding correctly that the combination of sops+kms is not the best choice because the password is stored in the state?
So, from the perspective of GIT + CI/CD, it's beautiful and protected, but the state itself contains passwords and tokens.

kruchkov.alexandr

Great video. I would like to know why pass doesn't pop up again to enter the passphrase (to retrieve the password) once we have got the password. So, every time we need the password, it should ask for the passphrase every time.

lakshayarora

What about the usage of random_password resource?

Would you recommend removing it? Or is there any way to leverage the random_password resource securely? I am on DigitalOcean, so I do not have KMS or something alike at the moment.

YordisPrieto

Looks like AWS Secrets Manager is the easiest way

domw

Ugh. Why are you using MacOS? With your knowledge, I was assuming you'd be running Linux...

HKnSLK

db_creds = jsondecode(
│ 7:
│ 8: )
│ ├────────────────
│ │ while calling jsondecode(str)

│ Call to function "jsondecode" failed: invalid character '"' after object key:value pair.

shantipahari