Package vaultutil includes helper functions for communicating with Vault.

MaskSensitiveStateValues redacts any Vault secrets in a Terraform human-readable state file more specifically, any Terraform datasource beginning with `vault_` will be redacted from the output.

RemoveUndeclaredWarnings takes in Terraform plan outputs and removes any warnings about undeclared variables which happen due to partial backend initialization tf doesn't give you an option to remove these warnings https://github.com/hashicorp/terraform/issues/22004 and we cannot use compact warnings due to limitations in the tfexec library so this is the next best option.

Run is responsible for the full lifecycle of creating/updating/deleting a Terraform repo.

WriteTemplate is responsible for templating a file and writing it to the location specified at out note that this is not a struct method as generics are incompatible with methods.

standardized AppSRE terraform secret keys.

standardized AppSRE terraform secret keys.

standardized AppSRE terraform secret keys.

standardized AppSRE terraform secret keys.

terraform specific filenames the "auto" vars files will automatically be loaded by the tf binary.

terraform specific filenames the "auto" vars files will automatically be loaded by the tf binary.

FolderPerm is 0770 in chmod.

terraform specific filenames the "auto" vars files will automatically be loaded by the tf binary.

Executor includes required secrets and variables to perform a tf repo executor run.

Input holds YAML/JSON loaded from CONFIG_FILE and is passed from Qontract Reconcile.

Repo represents an individual Terraform Repo.

StateVars are used to render the raw statefile in markdown.

TfCreds is made up of AWS credentials and configuration for using an S3 backend with Terraform.

TfVariables are references to Vault paths used for reading/writing inputs and outputs.

TfVars are secrets and IDs required for setting up a Terraform S3 backend.