mirror of https://github.com/status-im/consul.git
docs/nia: recommend sensitive variables for module authoring (#9692)
This commit is contained in:
parent
27e80ce5be
commit
6b92b778c5
|
@ -162,7 +162,8 @@ Network infrastructure differs vastly across teams and organizations, and the au
|
|||
1. Identify areas in the module where practitioners could tailor the automation to fit their infrastructure.
|
||||
2. Declare input variables and insert the use of variables throughout module resources to expose these options to practitioners.
|
||||
3. Include descriptions to capture what the variables are and how they are used, and specify [custom validation rules for variables](https://www.terraform.io/docs/configuration/variables.html#custom-validation-rules) to provide context to users the expected format and conditions for the variables.
|
||||
4. Set reasonable default values for variables that are optional, and omit default values for variables that are required module arguments.
|
||||
4. Set reasonable default values for variables that are optional, or omit default values for variables that are required module arguments.
|
||||
5. Set the [sensitive argument](https://www.terraform.io/docs/language/values/variables.html#suppressing-values-in-cli-output) for variables that contain secret or sensitive values. When set, Terraform will redact the value from output when Terraform commands are run.
|
||||
|
||||
Terraform is an explicit configuration language and requires variables to be declared, typed, and passed explicitly through as module arguments. Consul-Terraform-Sync abstracts this by creating intermediate variables at the root level from values intended for the module. These values are configured by practitioners within the [`task` block](/docs/nia/configuration#variable_files). Value assignments are parsed to interpolate the corresponding variable declaration and are written to the appropriate Terraform files. A few assumptions are made for the intermediate variables: the variables users provide Consul-Terraform-Sync are declared and supported by the module, matching name and type.
|
||||
|
||||
|
|
Loading…
Reference in New Issue