Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

standalone client-side remote state encryption #28603

Closed
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
merge upstream/main and deconflict - #9556
  • Loading branch information
StephanHCB committed Mar 15, 2022
commit bb2e1cf88fc057b8c11a5cf69e5e4ba4b56fcbc1
6 changes: 3 additions & 3 deletions website/docs/cli/config/environment-variables.mdx
Original file line number Diff line number Diff line change
@@ -159,7 +159,7 @@ If `TF_IGNORE` is set to "trace", Terraform will output debug messages to displa
export TF_IGNORE=trace
```

For more details on `.terraformignore`, please see [Excluding Files from Upload with .terraformignore](/docs/language/settings/backends/remote.html#excluding-files-from-upload-with-terraformignore).
For more details on `.terraformignore`, please see [Excluding Files from Upload with .terraformignore](/language/settings/backends/remote#excluding-files-from-upload-with-terraformignore).

## TF_REMOTE_STATE_ENCRYPTION

@@ -176,7 +176,7 @@ to enable client-side remote state encryption.
export TF_REMOTE_STATE_ENCRYPTION='{"implementation":"client-side/AES256-CFB/SHA256","parameters":{"key":"a0a1a2a3a4a5a6a7a8a9b0b1b2b3b4b5b6b7b8b9c0c1c2c3c4c5c6c7c8c9d0d1"}}'
```

Not setting this environment variable (or leaving it empty) disables this feature, that is Terraform sends
Not setting this environment variable (or leaving it empty) disables this feature, that is Terraform sends
unencrypted state to the remote state backend as usual.

For more details please see [Client-Side Remote State Encryption](/docs/language/state/encryption.html).
@@ -187,7 +187,7 @@ For more details please see [Client-Side Remote State Encryption](/docs/language

Set `TF_REMOTE_STATE_DECRYPTION_FALLBACK` to a fallback configuration for client-side remote state decryption.

When decrypting remote state, Terraform will always try the configuration in `TF_REMOTE_STATE_ENCRYPTION` first,
When decrypting remote state, Terraform will always try the configuration in `TF_REMOTE_STATE_ENCRYPTION` first,
then try this one, if provided.

This is useful for key rotation, permanent decryption, and switching between state crypto providers. Just set this
You are viewing a condensed version of this merge commit. You can view the full changes here.