OpenTofu
State encryption with AWS KMS #2382
hyphen1370
started this conversation in
General
Replies: 1 comment
-
|
Hi @hyphen1370 ! OpenTofu supports AWS KMS as a key provider, but not as an encryption method. We are only using the GenerateDataKey API here. In other words, no, this limitation does not apply to OpenTofu. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
I would like to encrypt the state file with AWS KMS encryption. For AWS KMS, there is limit of how much data it can encrypt depending the encryption algorithm:
https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html
Is this limit apply with openTofu? I would like to use to do RSA_4096 with RSAES_OAEP_SHA_256 since it is only support algorithm for self imported AWS KMS key.
Also, how to specify AWS profile when using state encryption?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions