# general
b
How do you integrate Pulumi with Terraform? I am specifically talking about secrets which should not be visible on tf vars, so opening the environment and passing the data to Terraform through TF_VARS doesn’t seem fully correct - or am I missing something? (https://www.pulumi.com/docs/esc/integrations/infrastructure/terraform/) Basically I would like to use Pulumi ESC as a source for Terraform, so that it can coordinate with Vercel / Google Secret Manager and keep the values in sync. What do you think?
l
I think you just use environment variables.
`esc run devenv -- tf plan`
should work.
b
Aren’t TF vars visible in plaintext (e.g. in the tf state files)? Should we save API keys there?
l
They're only available for the life of the executing environment. Yes, they're in plain text for that duration, and in that process.
Also see this:
> The command to run is assumed to be non-interactive by default and its output streams are filtered to remove any secret values. Use the `-i` flag to run interactive commands, which will disable filtering.
From https://www.pulumi.com/docs/esc/cli/commands/esc_run/
So if you accidentally log a secret to the console in your Pulumi program, that at least will be mangled.
BTW I'm not talking about TFvars. Just env vars.
b
Ok thank you, let me look more into this! 🙂