by kasfkaj 983 days ago
Yes, this. Just supply a few flags to configure terraform backend to store the state in remote storage and encrypt it.

terraform init --backend=gcs --bucket="xxx" --prefix="my-deployment-name" --encryption_key="my-random-bits"

1 comments

Again, that just puts a bandaid over the problem. You can’t individually audit access to or rotate secrets stored in state files.
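
An added example, not part of either comment: a short Python inventory of credential-like attributes embedded in a Terraform state file, which is the material the reply says cannot be audited or rotated individually. The sample state is constructed in the version 4 JSON layout with fake values, and the attribute-name pattern is a heuristic assumed for this example.

```python
import json
import re

# Heuristic for attribute names that usually hold credentials (assumption of this example).
SECRET_NAME = re.compile(r"(password|secret|token|private_key|api_key)", re.I)

# Constructed sample in the Terraform state v4 layout; all values are fake.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"type": "google_sql_user", "name": "app", "instances": [
            {"attributes": {"name": "app", "password": "fake-db-password"}}]},
        {"type": "tls_private_key", "name": "deploy", "instances": [
            {"attributes": {"algorithm": "RSA", "private_key_pem": "fake-pem"}}]},
        {"type": "google_storage_bucket", "name": "logs", "instances": [
            {"attributes": {"name": "logs-bucket", "labels": {"env": "prod"}}}]},
    ],
})

def walk(value, path):
    """Yield (path, leaf) for every scalar inside nested dicts and lists."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from walk(item, path + [str(key)])
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from walk(item, path + [str(index)])
    else:
        yield path, value

def embedded_secrets(state_text):
    """Return sorted addresses of non-empty string attributes with secret-like names."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            for path, leaf in walk(inst.get("attributes", {}), []):
                # Use the nearest non-index path component as the attribute name.
                name = next((p for p in reversed(path) if not p.isdigit()), "")
                if isinstance(leaf, str) and leaf and SECRET_NAME.search(name):
                    findings.append(f'{address}.{".".join(path)}')
    return sorted(findings)

if __name__ == "__main__":
    for address in embedded_secrets(SAMPLE_STATE):
        print("plaintext secret in state:", address)
```

Every address it reports is readable by anyone who can read and decrypt the state object, whatever the access controls on the secret's original source.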