Secret management

In the past I’ve used Pulumi, which offers a secrets management solution that allows stack-based secrets to be checked into git while being encrypted.

I’ve been looking for a similar solution with Terraform CDK and haven’t found one. Does Terraform CDK offer a similar solution so that I don’t have to expose my stack-based secrets (like mongoPassword in the Pulumi example above)?

CDKTF itself does not manage secrets, but it plays nicely with Terraform Cloud. Terraform Cloud has workspace-specific variables, and these can be sensitive / secrets. Here are our docs on how to work with CDKTF on Terraform Cloud. It’s a best practice for CDKTF to use TerraformVariables to keep secrets out of the state.
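
One way to check this practice in CI, as an added example that is not part of the original answer and not CDKTF's own code: it walks a synthesized `cdk.tf.json` and flags secret-like attributes whose value is a literal, or a reference to a variable that is not declared sensitive. The sample document, its resource type names and the key-name pattern are constructed assumptions.

```python
import re

# Attribute names treated as secret-bearing (assumption; extend per provider).
SECRET_KEY = re.compile(r"(password|secret|token|api_?key)", re.I)
VAR_REF = re.compile(r"^\$\{var\.([A-Za-z0-9_-]+)\}$")

# Constructed sample shaped like a synthesized cdk.tf.json; resource types are made up.
SAMPLE_SYNTH = {
    "variable": {
        "mongoPassword": {"type": "string", "sensitive": True},
        "apiToken": {"type": "string"},
    },
    "resource": {
        "example_database": {
            "good": {"username": "app", "password": "${var.mongoPassword}"},
            "literal": {"username": "app", "password": "hunter2-constructed"},
        },
        "example_service": {"svc": {"env": [{"name": "x", "auth_token": "${var.apiToken}"}]}},
    },
}

def audit_synth(doc):
    """Return (path, reason) for secret-like attributes not fed by a sensitive variable."""
    variables = doc.get("variable", {})
    findings = []
    def check(value, path):
        ref = VAR_REF.match(value)
        if ref is None:
            findings.append((path, "literal value in synthesized output"))
        elif variables.get(ref.group(1), {}).get("sensitive") is not True:
            findings.append((path, f"variable {ref.group(1)} is not marked sensitive"))

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}"
                if isinstance(value, str) and SECRET_KEY.search(key):
                    check(value, child)
                else:
                    walk(value, child)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")

    walk(doc.get("resource", {}), "resource")
    return findings

if __name__ == "__main__":
    print(*(f"{p}: {r}" for p, r in audit_synth(SAMPLE_SYNTH)), sep="\n")
```

A value that mixes a literal with an interpolation is reported as a literal, which is the conservative outcome for a CI gate.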