{"id":37214622,"url":"https://github.com/numtide/terraform-provider-secret","last_synced_at":"2026-01-15T00:50:10.552Z","repository":{"id":41178061,"uuid":"378995573","full_name":"numtide/terraform-provider-secret","owner":"numtide","description":"Terraform provider that holds secrets in its state","archived":false,"fork":true,"pushed_at":"2023-05-08T16:09:56.000Z","size":8273,"stargazers_count":4,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-13T21:54:02.476Z","etag":null,"topics":["terraform-provider"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"tweag/terraform-provider-secret","license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/numtide.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-21T16:29:17.000Z","updated_at":"2023-07-01T17:03:48.000Z","dependencies_parsed_at":"2023-02-17T22:45:57.110Z","dependency_job_id":null,"html_url":"https://github.com/numtide/terraform-provider-secret","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/numtide/terraform-provider-secret","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fterraform-provider-secret","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fterraform-provider-secret/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fterraform-provider-secret/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fterraform-provider-secret/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/numtide","download_url":"https://codeload.github.com/numtide/terraform-provider-secret/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fterraform-provider-secret/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28440529,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T00:34:46.850Z","status":"ssl_error","status_checked_at":"2026-01-15T00:34:46.551Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["terraform-provider"],"created_at":"2026-01-15T00:50:09.921Z","updated_at":"2026-01-15T00:50:10.543Z","avatar_url":"https://github.com/numtide.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"Terraform `secret` Provider \u0026#x1F49C;\n===================================\n\nThe `secret` provider has one mission: store secrets in the Terraform state.\n\nPlease be careful about your security stance before adopting this!\n\nThe main goal of this provider is that a lot of time, terraform contains\nsecrets in it's state file anyways. Instead of putting them in the repo and\nthe loading them with `\"${file(\"./secret\")}\"` why not import them directly\ninto the state file?\n\nWhen using a remote state file, the state is automatically distributed with\nthe new secret which makes key rotation easier.\n\nThis is a better solution than storing secrets in Git. Look at adopting\nHashicorp Vault in the longer term.\n\n## Requirements\n\n-\t[Terraform](https://www.terraform.io/downloads.html) 0.12.x\n-\t[Go](https://golang.org/doc/install) 1.11 (to build the provider plugin)\n\n## Installation\n\n### Install via `go get`\n\n1. Follow these [instructions](https://golang.org/doc/install) to setup a Golang development environment.\n2. Use `go get` to pull down this repository and compile the binary:\n\n```\ngo get -u -v github.com/numtide/terraform-provider-secret\n```\n\nThe binary will be placed in `$GOPATH/bin` or `$HOME/go/bin` if `$GOPATH` is not set.\n\n### Install via Nix\n\nIf you are lucky enough to use [Nix](https://builtwithnix.org), it's\nalready part of the full terraform distribution:\n\n```sh\nnix-env -iA nixpkgs.terraform-full\n```\n\n### Compile from source\n\nClone the repository:\n\n```sh\n$ git clone git@github.com:numtide/terraform-provider-secret\n```\n\nEnter the provider directory and build the provider\n\n```sh\n$ cd terraform-provider-secret\n$ GO111MODULE=on go build\n```\n\n## Usage\n\n### Provider installation\n\n* Copy the `terraform-provider-secret` binary to `~/.terraform.d/plugins` (recommended) or any location specified by [Terraform documentation](https://www.terraform.io/docs/extend/how-terraform-works.html#plugin-locations).\n\n* Add the line `provider \"secret\" {}` line to `main.tf`\nTo prevent warnings, you may optionally add a version lock to the provider entry in the form of `provider \"secret\" { version = \"~\u003e X.Y\"}` where `X.Y` is the version you wish to pin. Note that when the binary is built no version suffix is specified; you will need to manually add `_vX.Y` to the provider binary unless you directly use release from Github.\n\n* Run `terraform init`.\n\n### Using `secret_resource`\n\n**Schema**:\n\n* `value`, string: Returns the value of the secret\n\n### Example\n\nHere we declare a new resource that will contain the secret.\n\n```tf\nresource \"secret_resource\" \"datadog_api_key\" {\n  lifecycle {\n    # avoid accidentally loosing the secret\n    prevent_destroy = true\n  }\n}\n```\n\nTo populate the secret, run\n```sh\nterraform import secret_resource.datadog_api_key TOKEN\n```\nwhere `TOKEN` is the value of the token.\n\nOr to import from a file:\n```sh\nterraform import secret_resource.datadog_api_key \"$(\u003c ./datadog-api-key)\"\n```\n\nOnce imported, the secret can be accessed using\n`secret_resource.datadog_api_key.value`\n\n### Rotating secrets\n\n```sh\nterraform state rm secret_resource.datadog_api_key\nterraform import secret_resource.datadog_api_key NEW_TOKEN\n```\n\n### Importing binary secrets\n\nThe secret values can only contain UTF-8 encoded strings. If the secret is a\nbinary key, a workaround it to encode it first as base64, then use the\nterraform `base64decode()` function on usage.\n\nEg:\n\n```sh\nterraform import secret_resource.my_binary_key \"$(base64 ./binary-key)\"\n```\n\nThen on usage:\n\n```tf\nresource \"other_resource\" \"xxx\" {\n  secret = base64decode(secret_resource.my_binary_key.value)\n}\n```\n\n## Developing the Provider\n\nIf you wish to work on the provider, you'll first need\n[Go](http://www.golang.org) installed on your machine (version 1.8+ is\n*required*). You'll also need to correctly setup a\n[GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding\n`$GOPATH/bin` to your `$PATH`.\n\nTo compile the provider, run `make build`. This will build the provider and\nput the provider binary in the `$GOPATH/bin` directory.\n\n```sh\n$ make bin\n...\n$ $GOPATH/bin/terraform-provider-secret\n...\n```\n\nIn order to test the provider, you can simply run `make test`.\n\n```sh\n$ make test\n```\n\nIn order to run the full suite of Acceptance tests, run `make testacc`.\n\n*Note:* Acceptance tests create real resources, and often cost money to run.\n\n```sh\n$ make testacc\n```\n\n## Related projects\n\n* https://github.com/carlpett/terraform-provider-sops - allows to decode\n  in-repo secrets on the fly.\n\n## License\n\nThis work is licensed under the Mozilla Public License 2.0. See\n[LICENSE](LICENSE) for more details.\n\n## Sponsors\n\nThis work has been sponsored by [Digital Asset](https://digitalasset.com) and [Tweag I/O](https://tweag.io).\n\n[![Digital Asset](https://avatars1.githubusercontent.com/u/9829909?s=200\u0026v=4)](http://digitalasset.com)\n[![Tweag I/O](https://avatars1.githubusercontent.com/u/6057932?s=200\u0026v=4)](https://tweag.io)\n\nThis repository is maintained by [Numtide](http://numtide.com)\n\nHave questions? Need help? Tweet at\n[@numtide](http://twitter.com/numtide).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumtide%2Fterraform-provider-secret","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnumtide%2Fterraform-provider-secret","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumtide%2Fterraform-provider-secret/lists"}