From 1067320b112ca5bba126f88cf9476e3e4809a92c Mon Sep 17 00:00:00 2001 From: Siddhartha Sonker <158144589+siddharthasonker95@users.noreply.github.com> Date: Fri, 3 May 2024 19:30:10 +0530 Subject: [PATCH] Fixed broken link in `State and Plan Encryption` documentation (#1597) Signed-off-by: siddharthasonker95 <158144589+siddharthasonker95@users.noreply.github.com> --- website/docs/language/state/encryption.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/language/state/encryption.mdx b/website/docs/language/state/encryption.mdx index 8f3530607c..4fa9bab75a 100644 --- a/website/docs/language/state/encryption.mdx +++ b/website/docs/language/state/encryption.mdx @@ -39,7 +39,7 @@ However, encryption does not protect against data loss (your state file getting When you enable encryption, consider who needs access to your state file directly. If you have more than a very small number of people with access needs, you may want to consider running your production `plan` and `apply` runs from a continuous integration system to protect both the encryption key and the sensitive values in your state. -You will also need to decide what kind of key you would like to use based on your security requirements. You can either opt for a static passphrase or you can choose a key management system. If you opt for a key management system, it is imperative to configure automatic key rotation for some encryption methods. This is particularly crucial if the encryption algorithm you choose has the potential to reach a point of 'key saturation', where the maximum safe usage limit of the key is approached, such as AES-GCM. You can find more information about this in the [encryption methods](#encryption-methods) section below. +You will also need to decide what kind of key you would like to use based on your security requirements. You can either opt for a static passphrase or you can choose a key management system. If you opt for a key management system, it is imperative to configure automatic key rotation for some encryption methods. This is particularly crucial if the encryption algorithm you choose has the potential to reach a point of 'key saturation', where the maximum safe usage limit of the key is approached, such as AES-GCM. You can find more information about this in the [encryption methods](#methods) section below. Finally, before enabling encryption, please exercise your disaster recovery plan and make a temporary backup of your unencrypted state file. Also, make sure you have backups of your keys. Once you enable encryption, OpenTofu cannot read your state file without the correct key.