How to encrypt or protect the terraform source tf. I don't want others to change or view the content inside terraform main.tf files.
Is there any way to convert this main.tf to an executable or encrypted version that can be understood by the terraform apply command?
I don't want anyone to view or modify the source file. At the same time I need to share it with them to execute the terraform apply command from their individual project machines.
It is not possible with terraform binary as it loads only hcl config files aka *.tf files. You can find the relevant code here.
Config files are meant for sharing unless they contain sensitive data. For whatever reason you don't want to share the config files, you could write a wrapper to encrypt the *.tf files at the source & at the destination you decrypt them before executing apply. Despite doing this it's relatively easy to find what's in the config files by the below means:
- looking at the plan/apply stdout
- looking at the state file to find out resources/data sources
- if they know the decrypt key
To conclude, it makes little to no sense to restrict the tf config files.
You cannot keep the Terraform file secret and allow it to be applied at the same time. Terraform has to read it to apply it so it cannot possibly be secret.
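The state-file point from the first answer, shown as an added example that is not part of the original answers: a short Python parser that recovers resource and data source addresses, with their attributes, from a state file alone. It assumes the version 4 `terraform.tfstate` JSON layout; the sample state is constructed and `summarize_state` is a hypothetical helper name.

```python
import json

# Constructed sample of a version-4 terraform.tfstate file (not from the page).
SAMPLE_STATE = r"""
{
  "version": 4,
  "terraform_version": "1.5.0",
  "resources": [
    {
      "mode": "managed",
      "type": "aws_s3_bucket",
      "name": "logs",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {"attributes": {"bucket": "example-logs", "force_destroy": false}}
      ]
    },
    {
      "mode": "data",
      "type": "aws_caller_identity",
      "name": "current",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [{"attributes": {"account_id": "000000000000"}}]
    }
  ]
}
"""


def summarize_state(state_text):
    """Return (address, attributes) pairs recoverable from the state alone."""
    state = json.loads(state_text)
    found = []
    for res in state.get("resources", []):
        # Data sources carry a "data." prefix, matching plan/apply output.
        prefix = "data." if res.get("mode") == "data" else ""
        address = f"{prefix}{res['type']}.{res['name']}"
        # Resources declared inside a module record the module path.
        if res.get("module"):
            address = f"{res['module']}.{address}"
        for inst in res.get("instances", []):
            found.append((address, inst.get("attributes", {})))
    return found


if __name__ == "__main__":
    for address, attrs in summarize_state(SAMPLE_STATE):
        print(address, json.dumps(attrs, sort_keys=True))
```

Anyone who can run apply can read this file (or the remote backend holding it), so encrypting the `*.tf` files does not hide what they declare.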