Best practive to create a secret


I’m creating a postgres user with a random secret generated by my cloud provider. This value is stored in a sensitive value in tfstate and I can get it using terraform output or terraform show.

I’d like to send this value immédiatly after creation in a kms system (like vault) and in a secret on my kubernetes cluster where a job will trigger to perform some initials actions and will remove that secret after its finish.

I don’t know how to accomplish that. Is someone could give me a workflow for that please ?

thanks in advance for your help :slight_smile: