In this episode, I’m diving into one of the most exciting new features in Terraform 1.10: ephemeral resources. These are designed to solve a big problem—keeping sensitive data like secrets and credentials out of your state and plan files. If you’ve ever been concerned about sensitive information being exposed in Terraform, you’ll want to stick around for this one.
I’ll explain what ephemeral resources are, how they work, and the current limitations you need to know. I’ll also walk you through some practical examples, like securely managing Azure Key Vault secrets and using ephemeral values for provider authentication. Plus, we’ll take a look at what’s coming next for Terraform, including experimental write-only attributes.
⏱️ Video Timeline:
🔑 [0:00] Intro: What are ephemeral resources, and why do they matter in Terraform 1.10?
📜 [0:34] The Problem: Sensitive data in state and plan files—how ephemeral resources help.
🧑💻 [1:41] How They Work: Key differences between ephemeral and managed resources.
🔐 [2:22] Primary Use Case: Provider authentication with ephemeral values.
📂 [4:06] Syntax Overview: Writing ephemeral resource blocks.
🌐 [5:20] Key Vault Example: Using Azure RM ephemeral resources to manage sensitive data.
💡 [7:44] Limitations: Why ephemeral values can't be used with managed resources.
📦 [9:02] Where to Use Them: Valid use cases like locals, outputs, and provisioners.
🛠️ [10:28] Real-World Demo: Configuring the Kubernetes provider with ephemeral credentials.
📜 [15:16] Future Features: Write-only attributes and the evolution of sensitive data handling.
💬 I’d love to hear your thoughts! Are ephemeral resources solving a problem you’ve faced? Do you have suggestions for improvement? Let me know in the comments!
🌟 Code Examples: Check out my Terraform Tuesday repo to try ephemeral resources yourself: https://github.com/ned1313/terraform-tuesdays/tree/main/2024-12-03-EphemeralResources
Here's the PR for write-only attributes: https://github.com/hashicorp/terraform-plugin-framework/pull/1044
🔥 Keep calm and Terraform on. 🤖
⭐ CONNECT WITH ME 🏃🦖
🌐 Day Two Cloud: https://daytwocloud.io
🌐 Chaos Lever: https://chaoslever.com
🌐 Visit my Website ► https://nedinthecloud.com
🗳 Pluralsight ► https://app.pluralsight.com/profile/author/edward-bellavance
🐙 Find the code at GitHub► https://github.com/ned1313
🐧 Twitter ► https://twitter.com/ned1313
👨💼 LinkedIn► https://www.linkedin.com/in/ned-bellavance/
For collaboration or any queries: [email protected]
🌮 About Me 🌮
Ned is a curious human with a knack for creating entertaining and informative content. With over 20 years in the industry, Ned brings real-world experience to all his creative endeavours, whether that's pontificating on a podcast, delivering live instruction, writing certification guides, or producing technical training videos. He has been a helpdesk operator, systems administrator, cloud architect, and product manager. In his newest incarnation, Ned is the Founder of Ned in the Cloud LLC. As a one-man tech juggernaut, he develops courses for Pluralsight, runs two podcasts (Day Two Cloud and Chaos Lever), and creates original content for technology vendors.
Ned has been a Microsoft MVP since 2017 and a HashiCorp Ambassador since 2020, and he holds a bunch of industry certifications that have no bearing on anything beyond his exceptional ability to take exams and pass them. When not in front of the camera, keyboard, and microphone, you can find Ned running the scenic trails of Pennsylvania or rocking out to live music in his hometown of Philadelphia. Ned has three guiding principles: Embrace discomfort, Fail often, and Be kind.