Protecting the state file in the Azure remote backend
When executing the Terraform workflow commands, which are mainly terraform plan, terraform apply, and terraform destroy, Terraform uses a mechanism to identify which resources need to be updated, added, or deleted. To do this, Terraform maintains a file called the Terraform state file, which contains all the details of the resources provisioned by Terraform. This state file is created the first time the terraform plan command is run and is updated with each action (apply or destroy).
For more information about how to manage the Terraform state, read Chapter 5, Managing Terraform State.
In an enterprise, the Terraform state file can present certain interesting problems:
- Sensitive information about the provisioned resources appears in clear text.
- If several people are working together, this file must be shared by everyone, or, by default, this file is created...
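To make the first point in the list above concrete, the following added example (not code from the book) audits a state file for secret-looking values stored in clear text. It assumes the version 4 JSON state layout; the key-name hints, the function names, and the sample state with its fake values are all constructed for illustration.

```python
import json

# Key-name fragments that commonly mark secret values (a heuristic, an assumption).
SENSITIVE_HINTS = ("password", "secret", "token", "access_key", "connection_string", "private_key")

# Constructed sample in the Terraform state v4 layout; every value is fake.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {"sa_key": {"value": "FAKEKEY==", "type": "string", "sensitive": True}},
    "resources": [
        {"mode": "managed", "type": "azurerm_storage_account", "name": "state",
         "instances": [{"attributes": {"name": "stdemo", "primary_access_key": "FAKEKEY==",
                                       "tags": {"env": "dev"}}}]},
        {"mode": "managed", "type": "azurerm_kubernetes_cluster", "name": "aks",
         "instances": [{"attributes": {"kube_config": [
             {"host": "https://aks.example.invalid", "password": "fake-password"}]}}]},
    ],
})

def _walk(node, path):
    """Yield (path, value) for each non-empty string leaf whose key looks sensitive."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(value, str) and value and any(h in key.lower() for h in SENSITIVE_HINTS):
                yield child, value
            else:
                yield from _walk(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def find_cleartext_secrets(state_text):
    """Return sorted locations of secret-looking values present in the state JSON."""
    state = json.loads(state_text)
    findings = []
    for name, out in state.get("outputs", {}).items():
        # "sensitive" only hides the value in CLI output; the state still stores it.
        if out.get("sensitive") and out.get("value") not in (None, ""):
            findings.append(f"output.{name}")
    for res in state.get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            findings += [p for p, _ in _walk(inst.get("attributes", {}), address)]
    return sorted(findings)

if __name__ == "__main__":
    for location in find_cleartext_secrets(SAMPLE_STATE):
        print("clear-text secret in state:", location)
```

The function reports only locations, never the values, so its output can be attached to a review ticket without copying the secrets again.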