mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-30 10:47:14 -06:00
b2b5831205
To reduce the risk of secret exposure via Terraform state and log output, we default to creating a relatively-short-lived token (20 minutes) such that Vault can, where possible, automatically revoke any retrieved secrets shortly after Terraform has finished running. This has some implications for usage of this provider that will be spelled out in more detail in the docs that will be added in a later commit, but the most significant implication is that a plan created by "terraform plan" that includes secrets leased from Vault must be *applied* before the lease period expires to ensure that the issued secrets remain valid. No resources yet. They will follow in subsequent commits. |
||
---|---|---|
.. | ||
main.go |