infra-secrets
This project contains all the secrets that are reused across my other repositories and stacks. These secrets are stored in the OpenBao service.
Usage
Before working with this stack, you need to decrypt the variables file. This file is encrypted with git-secret, which uses GPG for encryption.
Encrypt
Needed before uploading to Git; otherwise, the new secret values will not be stored.
$ git-secret hide
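Nothing in the Encrypt and Decrypt steps stops a commit made after editing terraform.tfvars without re-running `git-secret hide`. The shell check below is an added example, not part of this repository; the function names and return codes are hypothetical, and it assumes only the two file names this README uses.

```shell
#!/bin/sh
# Added example, not part of this repository. File names are the ones this
# README uses; function names and return codes are hypothetical.

# sync_after_reveal [DIR]
# Run right after `git-secret reveal`: gives the fresh plaintext the same
# mtime as the encrypted file, so only later edits make it look newer.
sync_after_reveal() {
    dir=${1:-.}
    touch -r "$dir/terraform.tfvars.secret" "$dir/terraform.tfvars"
}

# check_secrets_state [DIR]
#   0  safe to commit
#   1  plaintext terraform.tfvars is tracked or staged in Git
#   2  terraform.tfvars.secret is missing
#   3  terraform.tfvars was edited after the last encryption
check_secrets_state() {
    dir=${1:-.}
    plain="$dir/terraform.tfvars"
    enc="$dir/terraform.tfvars.secret"

    # The decrypted file must never reach the index. Outside a Git
    # repository this lookup fails and the check is skipped.
    if git -C "$dir" ls-files --error-unmatch terraform.tfvars >/dev/null 2>&1; then
        echo "terraform.tfvars is tracked by Git; remove it from the index" >&2
        return 1
    fi

    if [ ! -f "$enc" ]; then
        echo "terraform.tfvars.secret is missing; run: git-secret hide" >&2
        return 2
    fi

    # find -newer prints the path only when the plaintext is strictly newer
    # than the encrypted copy, i.e. edits were made but not re-encrypted.
    if [ -f "$plain" ] && [ -n "$(find "$plain" -newer "$enc")" ]; then
        echo "terraform.tfvars changed since last encryption; run: git-secret hide" >&2
        return 3
    fi
    return 0
}
```

Source it from `.git/hooks/pre-commit` and call `check_secrets_state . || exit 1`. Run `sync_after_reveal .` right after `git-secret reveal` so that a fresh decrypt is not reported as an unencrypted edit.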
Decrypt
Required before doing anything; otherwise, the terraform.tfvars file will not exist.
$ git-secret reveal
Apply changes
This stack uses OpenTofu instead of Terraform. I recommend using tofu-env.
The .opentofu-version file will force the same OpenTofu version across all environments.
$ tofu init
$ tofu apply
Variables
There is one single variable called secrets. This is a map of maps. Each object is a dedicated secret which contains
multiple keys. For example, the following code will create two secrets: secret1 and secret2, each of them with two keys.
This is useful to group secrets. For example, to place all Cloudflare or Grafana secrets together.
secrets = {
  secret1 = {
    key1 = "value1"
    key2 = "value2"
  }
  secret2 = {
    key1 = "value1"
    key2 = "value2"
  }
}

