Hi!
I’m using the data source google_kms_secret
to decrypt sensitive values (auth tokens etc.) during TF execution. Unfortulately, this means that the decrypted plaintext will end up in the TF state file which is something I would like to avoid.
I assumed there is a way to do this with ephemeral
resources, but this does not appear to be possible. Am I missing something here, or is there currently no way to do this?
I’m also open to suggestions for alternative ways of storing secrets. I mainly try to not have secrets stored in my TF files in plain text as I track them with git and not have them in the state file.
Thanks!