terraform-provider-sops
terraform-provider-sops copied to clipboard
carlpett
Add support for ephemeral resources
Terraform 1.10 comes with ephemeral resources. It would be great if the sops provider supported those s.t. the decrypted state isn't leaked in the state file.
https://www.hashicorp.com/blog/terraform-1-10-improves-handling-secrets-in-state-with-ephemeral-values https://developer.hashicorp.com/terraform/plugin/framework/ephemeral-resources#add-ephemeral-resource-to-provider
Hi @pavelzw, Thanks, this looks really interesting for this provider! It appears it requires a migration from the plugin-sdk to the new(ish) plugin-framework, though, so it might be a bit of work.
Using this in conjunction with the new write-only resource attributes landing in Terraform 1.11 will be great for keeping sensitive information out of the state file.
@carlpett would you be interested to get some help on the migration to the new plugin SDK?
the new write-only resource attributes landing in Terraform 1.11
here the corresponding blogpost from hashicorp: https://www.hashicorp.com/de/blog/terraform-1-11-ephemeral-values-managed-resources-write-only-arguments
@multani Thanks for the offer! As it happens though, I've been chipping away at it for a while at evenings, and I just got tests to pass etc, so I think I'm quite close already. What would be useful is if you could test the provider and report if it works? I've created a draft PR here: https://github.com/carlpett/terraform-provider-sops/pull/133. If you need help building or testing, let me know in the PR!
