Is it safe to commit a Terraform file to GitHub?

This page summarizes the projects mentioned and recommended in the original post on /r/Terraform.

  • sops

    Simple and flexible tool for managing secrets

  • Unfortunately, the SOPS project is in some sort of a limbo state and there has been quite a long period with limited maintenance and unclear position from Mozilla. Despite the project being accepted into the CNCF, it's still unclear what will happen with it going forward.

  • I'm not sure about project_id being a sensitive value. Account IDs are not officially considered sensitive in AWS circles, but most people still treat them that way. I checked mine in before for the only GCP thing I ever did, https://github.com/iangrunt/multi-cloud-terragrunt-filesystem/blob/main/gcp/sre-projects/project-delta/project.hcl. This would be considered a "root module" (it's not) where that would be a private repo anyways, so checking in account IDs would be fine. That being said, it is still possible to write root modules and use the context of your pipelines to get these kinds of values more safely.

  • git-crypt

    Transparent file encryption in git

  • Apart from a few exceptions (like ansible for example, which supports native encryption), we moved away from encrypted secrets in git repos and use external things, depending on the platform (like parameter store / secrets manager for AWS or keyvault for Azure - both of these do track changes, btw), so I haven't looked for quite a while. Back in ye olden days we used https://github.com/AGWA/git-crypt which worked quite nicely, but the key management is cumbersome and it's based on GPG, which in itself is a bit of a light reddish flag these days.
