Managing sensitive data when using Terraform
The handling of sensitive data must be well architected. As applications and infrastructure scale out, it's increasingly important to track and handle sensitive data carefully. You can use the following approaches to help protect sensitive data in your AWS accounts when deploying Terraform IaC:
- Protecting sensitive data in the Terraform state file – You can help protect sensitive data from the moment that it is first ingested into AWS Secrets Manager. For example, you could immediately rotate the secret to help preserve its secrecy.
- Accessing and managing secrets for Amazon EKS – Manage all secrets for Amazon Elastic Kubernetes Service (Amazon EKS) in Secrets Manager.
- Using VPC endpoints to keep sensitive data in known networks – Traffic for sensitive data should not leave private networks. This helps prevent attacks and data exfiltration.