Terraform
Terraform Enterprise Encryption Password
When using internally-managed Vault, Terraform Enterprise requires that the operator specify a password that will be used to to encrypt and decrypt the internally-managed Vault unseal key and root token. This password is called the "encryption password". Please be sure to retain this value as it will be needed in the event of a re-installation.
The encryption password is used to protect the internally-managed Vault unseal key and root token with a password provided by the operator. It allows Terraform Enterprise to securely store the Vault unseal key and root token in PostgreSQL, which means that Vault is only dependent on the encryption password itself and the data in PostgreSQL.
Specifying the Encryption Password
Manual Installation
For manual installations, the encryption password can be specified via the "Encryption Password" field:
Automated Installation
For automated installations, the encryption password can be specified via the enc_password
setting in the
application settings JSON file:
{
"hostname": {
"value": "terraform.example.com"
},
"installation_type": {
"value": "poc"
},
"enc_password": {
"value": "CHANGEME"
}
}
Retrieving the Encryption Password
To retrieve the encryption password that Terraform Enterprise is currently configured to use, connect to your Terraform Enterprise instance and execute the following:
replicatedctl app-config export --template '{{.enc_password.Value}}'