How can I describe user passwords using tf (do not write them in clear text)?
And how to describe dynamically changing entities (nodes, for example) that are deleted every week or month and new ones are created?
It depends exactly what you are waiting to achieve.
In general I’d suggest storing secrets outside of your Terraform. For example we use Vault for static secrets, or we auto-generate some secrets within the code (using the random provider).
For the changing entities it depends where those changes come from. Again if you want that to be managed via Terraform you can use the
time_rotating resource from the time provider to trigger nodes, etc. to be destroyed & recreated. If however those resources are managed elsewhere I’d suggest keeping them outside of Terraform - resources should either be fully managed by the Terraform code or fully managed by something else. You shouldn’t try to add resources in Terraform which are substantially managed elsewhere or you’ll find yourself battling against Terraform, as it will try to undo those changes. If you do need to reference those resources you can use data sources.
Thanks for the answer.
Account passwords will not be stored in the TF, this is not a good practice.
Changing entities are managed elsewhere and adding to TF is also not the best way.
However, these two points need to be described in the TF.
What do you mean by “described in the TF”? Are you needing to reference the dynamic entities in some way for other resources managed by TF?
Yes, that’s right.
I need to reference dynamic objects for other tf managed resources.