Support Ephemeral Resources

[msnook]

Feature / Enhancement proposed

With the release of Terraform 1.10, Terraform now supports ephemeral resources. Documentation on this feature can be viewed here. This capability replaces data lookups for sensitive data, ensuring the sensitive data is not stored in plaintext in the statefile. With the initial release, support exists for AWS Secrets Manager (aws_secretsmanager_secret_version) and Azure Key Vault (azurerm_key_vault_secret).

I am requesting support for ephemeral to be used in conjunction with tss_secret, allowing secrets to be retrieved from Delinea Secret Server ensuring that sensitive data is not persisted in plaintext to the statefile.

Workarounds

There are no known workarounds.

Has the feature been requested before?

The feature has not yet been requested.

If the feature request is approved, would you be willing to submit a PR?

(Help can be provided if you need assistance submitting a PR)

[x] Yes [] No

[Ausjorg]

This is a great idea! Enabling Terraform’s ephemeral resource capability will greatly improve the security of sensitive data by ensuring that secrets are not stored in plaintext within the Terraform state file. This aligns perfectly with best practices for securing infrastructure as code, making workflows more secure and reliable. Please prioritize this enhancement, it’s a critical step forward for secure Terraform workflows.

[hcp-blara]

Thanks for opening this @msnook!

Here is the direct link to HashiCorp's dev documentation regarding the new abstraction:
Ephemeral Resources

Also, here is our GoDoc on the new package available through the Terraform Plugin Framework:
ephemeral Package Documentation