The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files.
Saved plan files (with the -out flag) encode the configuration, state, diff, and variables. Variables are often used to store secrets. Therefore, the plan file can potentially store secrets.
Terraform itself does not encrypt the plan file. It is highly recommended to encrypt the plan file if you intend to transfer it or keep it at rest for an extended period of time.
OUTLINE
00:00 terraform plan -var-file "env/dev.tfvars" - out="dev.plan"
00:40 Check if terraform.tf was created
00:50 Plan was encoded with configuration, state, diff, and variables
01:05 terraform apply dev.plan
#terraform #plan #devops
Tech Tips
コメント