AWS Secrets
The aws_secret helper fetches secret data from AWS Secrets Manager.
Example
app/stacks/demo/tfvars/dev.tfvars
user = "<%= aws_secret("demo-#{Terraspace.env}-user") %>"
pass = "<%= aws_secret("demo-#{Terraspace.env}-pass") %>"
For example if you have these secret values:
$ aws secretsmanager get-secret-value --secret-id demo-dev-user | jq '.SecretString'
bob
$ aws secretsmanager get-secret-value --secret-id demo-dev-pass | jq '.SecretString'
test
.terraspace-cache/us-west-2/dev/stacks/demo/01-dev.auto.tfvars
user = "bob"
pass = "test"