Dev Tools · 3h ago
Terraform 1.11 Ephemeral Resources: How to Keep Secrets Out of State
HashiCorp's Terraform 1.11 introduces ephemeral resources and write-only attributes to prevent secrets from being stored in state files. The new feature allows secrets to be used only in provider blocks and write-only arguments, not in regular resource attributes. Users must update configurations to replace data sources with ephemeral resources for static secrets and use write-only arguments for dynamic secrets.
Meridian48 take
This is a practical security upgrade for Terraform users, but adoption requires provider support for write-only attributes, which may lag behind.
terraformsecrets-management