You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The value is passed as a variable and possibly stored in the terraform state. This is a lambda after all and it can read from the secret manager instead.
Desired Behavior
Have secret_arn as input that can be used instead of license key value.
Possible Solution
Use ARN when available, and fallback to secret value input.
The text was updated successfully, but these errors were encountered:
I understand the concern for storing secret data in state and unfortunately there is no going around that, especially when developing a module which accepts such secret as input.
The best practice is to always treat your Terraform state itself as a secret and store it encrypted in a remote backend (see here).
Also, I rather not implement any specific solution to retrieve a secret for the license key since not everyone uses AWS Secrets Manager, and I'd like to keep this module agnostic.
However, I believe there's still room for improvement, and therefore will upgrade the module to support Terraform v0.14 which has the ability to declare sensitive input variables.
The value is passed as a variable and possibly stored in the terraform state. This is a lambda after all and it can read from the secret manager instead.
Desired Behavior
Have secret_arn as input that can be used instead of license key value.
Possible Solution
Use ARN when available, and fallback to secret value input.
The text was updated successfully, but these errors were encountered: