Feature Preview: State Encryption
- Published: 9 Jun 2024
- In this feature preview, we are taking a look at the upcoming state encryption feature in OpenTofu 1.7. This feature will allow you to encrypt your state and plan files at rest using a local key or a key management system.
Short: • Feature preview: OpenT...
Weekly engineering sync: calendar.google.com/calendar/...
OpenTofu Slack: opentofu.org/slack/
GitHub Discussions: github.com/orgs/opentofu/disc...
State encryption technical documentation: github.com/opentofu/opentofu/...
Slides: docs.google.com/presentation/...
0:00 Introduction
0:26 Why state encryption?
1:45 Configuring encryption
4:07 Key/method rollover
5:53 External tooling and timeline
6:57 More information - Science
Do you want a quick overview? Here's the short version: ruclips.net/user/shortsYEn2wGhhkbI
As a user of OpenTofu, how can I programmatically determine which key is currently used for encryption of something that tofu is encrypting? It seems like whether or not an apply has been run will determine this.
Thank you for the question @yousifakbar. For encryption, OpenTofu will always use the method you specified in the target block, such as statefile{}, planfile{}, etc. It will never use the fallback block for encryption, only for decryption. The method itself is then linked to a key provider, so your key provider is where you control which key to use. In practice, that will either be a passphrase provider or a KMS system.
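
The rollover behaviour described in the reply above, written out as a configuration. This is an added example, not taken from the video or from the OpenTofu project; it assumes the `state` and `plan` block names of the released OpenTofu 1.7 syntax, and the provider names, method names and passphrases are constructed placeholders.

```hcl
terraform {
  encryption {
    # Key currently in use. The passphrase is a constructed placeholder;
    # supply real values from a secret store, not from version control.
    key_provider "pbkdf2" "current" {
      passphrase = "constructed-placeholder-new-passphrase"
    }

    # Previous key, kept only so that existing files can still be read.
    key_provider "pbkdf2" "previous" {
      passphrase = "constructed-placeholder-old-passphrase"
    }

    # Each method is bound to exactly one key provider, so the method
    # named in a target block determines which key is used.
    method "aes_gcm" "current" {
      keys = key_provider.pbkdf2.current
    }

    method "aes_gcm" "previous" {
      keys = key_provider.pbkdf2.previous
    }

    state {
      # Every write of the state file is encrypted with this method.
      method = method.aes_gcm.current

      # Tried for decryption only, when the method above cannot read
      # the existing file. Never used to encrypt.
      fallback {
        method = method.aes_gcm.previous
      }
    }

    plan {
      # Plan files follow the same rule as state files.
      method = method.aes_gcm.current

      fallback {
        method = method.aes_gcm.previous
      }
    }
  }
}
```

With this configuration, a state file written before the rollover stays encrypted under the previous key until the next operation that writes state, which is why whether an apply has run matters. Once every state and plan file has been rewritten, the `fallback` blocks and the `previous` provider and method can be removed.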