Hey there,
I have a lot of passwords that I use in the terraform code itself. In order to mitigate the security threat, I am planning to put the Password in AWS Secrets Manager. Now, fetch those passwords into an environment variable in an encrypted form and pass it to the terraform code. So basically I want the decryption at the last stage.