Restrict to modify the Terraform source code

87 Views Asked by sathishkumar P At 16 December 2023 at 12:13

How to encrypt or protect the terraform source tf. I dont want others to change or view the content inside terraform main.tf files.

Is there anyway to convert this main.tf as executable or encrypted version to understand by terraform apply commamd

I don't want anyone to view or modify the source file. At a same time i need to share with them to execute terraform apply command from individual project machine

Original Q&A

There are 1 best solutions below

harshavmb On 16 December 2023 at 18:47

It is not possible with terraform binary as it loads only hcl config files aka *.tf files. You can find the relevant code here.

Config files are meant for sharing unless they contain sensitive data. For whatever reason you don't want to share the config files, you could write a wrapper to encrypt the *.tf files at the source & at the destination you decrypt them before executing apply. Despite doing this it's relatively easy to find what's in the config files by below means

looking at the plan/apply stdout
looking at the state file to find out resources/data sources
if they know the decrypt key

To conclude, it makes little to no sense to restrict the tf config files.

Restrict to modify the Terraform source code

There are 1 best solutions below

Related Questions in ENCRYPTION

Related Questions in MODULE

Related Questions in TERRAFORM

Related Questions in PROTECTED

Related Questions in RESTRICTION

Trending Questions

Popular # Hahtags

Popular Questions