I have the following flow:
- You work on Terraform code locally
- You push the code to GitLab
- The GitLab pipeline automatically runs terraform init, terraform plan and terraform apply (manually)
The question is about secrets. I need to place them in Azure KeyVault, thus I have a "value" field in the Terraform code, which cannot be placed in GitLab as plain text. If I place the secrets in a file and decrypt the file using "git-crypt", it gets to GitLab encrypted, and Terraform sees it as already encrypted and creates an encrypted secret. Any ideas how to do it?
I'm creating the secret via Terraform this way:
resource "azurerm_key_vault_secret" "example" {
  name         = "secret-sauce"
  value        = "szechuan"
  key_vault_id = azurerm_key_vault.example.id
}
CodePudding user response:
Can you please provide the TF code here? If you fetch keys from Key Vault using a 'data' block, then it should not be placed in plain text format in GitLab. I would still request that you put the code here, so that I can understand better.
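One way to keep the literal out of the repository in the flow described in the question, shown as an added example that is not part of the original question or response: the resource reads its value from a sensitive input variable that the pipeline supplies through a `TF_VAR_` environment variable. The variable name `secret_sauce_value` is an assumption.

```hcl
# Added example, not code from the thread.
# Assumption: the variable name "secret_sauce_value" is made up for illustration.

# Before, as posted in the question: the literal is committed to GitLab.
# resource "azurerm_key_vault_secret" "example" {
#   name         = "secret-sauce"
#   value        = "szechuan"
#   key_vault_id = azurerm_key_vault.example.id
# }

# After: the value is injected at plan/apply time from outside the repository.
variable "secret_sauce_value" {
  description = "Value for the secret-sauce Key Vault secret, supplied by the pipeline."
  type        = string
  sensitive   = true # redacts the value in plan and apply output

  # Fail early if the pipeline variable is missing or empty,
  # instead of writing an empty secret to the vault.
  validation {
    condition     = length(var.secret_sauce_value) > 0
    error_message = "The secret_sauce_value variable is empty. Check that TF_VAR_secret_sauce_value is set in the pipeline."
  }
}

resource "azurerm_key_vault_secret" "example" {
  name         = "secret-sauce"
  value        = var.secret_sauce_value # no literal in version control
  key_vault_id = azurerm_key_vault.example.id
}
```

Terraform reads `TF_VAR_secret_sauce_value` from the job environment, so it can be defined as a masked, protected CI/CD variable in the GitLab project settings. The value is still written to the Terraform state in plain text, so the state backend needs its own access control and encryption.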