Created
December 12, 2022 17:26
-
-
Save whazor/d53fb758623959fa66d016d0e44b706e to your computer and use it in GitHub Desktop.
terraform sops
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .tfstate files | |
| *.tfstate | |
| *.tfstate.* | |
| # do not ignore encrypted tfstate files, with .enc inside | |
| !*.enc.tfstate | |
| !*.enc.tfstate.* | |
| # unless it is decrypted | |
| *.decrypted*tfstate | |
| *.decrypted*tfstate.* |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| creation_rules: | |
| # I want to add regex such to keep some properties, but entire file is works for now | |
| - path_regex: (\.enc)?\.tfstate(\.backup)?$ | |
| age: "age........." |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sops --decrypt terraform.enc.tfstate > terraform.tfstate | |
| terraform $@ | |
| sops --encrypt terraform.tfstate > terraform.enc.tfstate |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment