Reputation: 141
Terraform custom provider override diffing on encrypted values
First time I'm creating a custom provider so I'm sorry if this is a silly question to ask.
One of the resources is taking a Kubernetes secret and encrypting it as a sealed secret then pushing it to a Git repository.
I have noticed an issue with the Terraform diffing of this value. In the ReadContext func I'm grabbing the requested resource from Git and then setting the value using the Set func from ResourceData. The problem is that this value is encrypted in Git and comparing it with the current value in the main.tf will always trigger an update since that value is in cleartext.
I have tried using the CustomizeDiff in the schema.Resource, but I have not been able to working the way I want it to.
One way to solve this is to override the Terraform diffing by encrypting the value in main.tf and comparing it with the value stored in Git.
Is this possible, or have I misunderstood the problem?
Upvotes: 0
Views: 96
Answers (0)
Related Questions
- Is provider variable possible in terraform?
- Terraform explicitly pass multiple provider
- Encrypt Environment variable and call it in the terraform code
- Make Map values sensitive in custom Terraform provider
- When creating flexible terraform module to customize optional parameters
- how to override Map variable values defined on module level on terraform
- Pass/Override Terraform object variable via command line
- Hiding a secret in Terraform for Azure with a caveat
- Overriding default values from terraform public registry modules
- Does terraform allow us to override variables