mirror of https://github.com/opentffoundation/opentf.git synced 2025-12-19 17:59:05 -05:00

Files

Christian Mesh b2bf39802a Implement the first part of RFC 20250303-linter-policy (#2577 )

Signed-off-by: Christian Mesh <christianmesh1@gmail.com>

2025-03-10 13:16:27 -04:00

protocol

Fixes #2337 : External encryption method (#2367 )

2025-01-31 12:13:18 -05:00

testmethod

Implement the first part of RFC 20250303-linter-policy (#2577 )

2025-03-10 13:16:27 -04:00

command.go

Implement the first part of RFC 20250303-linter-policy (#2577 )

2025-03-10 13:16:27 -04:00

compliance_test.go

Implement the first part of RFC 20250303-linter-policy (#2577 )

2025-03-10 13:16:27 -04:00

config.go

Fixes #2337 : External encryption method (#2367 )

2025-01-31 12:13:18 -05:00

descriptor.go

Fixes #2337 : External encryption method (#2367 )

2025-01-31 12:13:18 -05:00

protocol.go

Fixes #2337 : External encryption method (#2367 )

2025-01-31 12:13:18 -05:00

README.md

Fixes #2337 : External encryption method (#2367 )

2025-01-31 12:13:18 -05:00

README.md

External encryption method

Warning

This file is not an end-user documentation, it is intended for developers. Please follow the user documentation on the OpenTofu website unless you want to work on the encryption code.

This directory contains the external encryption method. You can configure it like this:

terraform {
  encryption {
    method "external" "foo" {
      keys = key_provider.some.provider
      encrypt_command = ["/path/to/binary", "arg1", "arg2"]
      decrypt_command = ["/path/to/binary", "arg1", "arg2"]
    }
  }
}

The external method must implement the following protocol:

On start, the method binary must emit the header line matching the header schema on the standard output.
OpenTofu supplies the input metadata matching the input schema on the standard input.
The method binary must emit the output matching the output schema on the standard output.