Learn how to get started with the Auth0 Terraform Provider to automate your Auth0 configuration.
Read more…
. Brought to you by @deepu
Need clarification or have questions on this topic? Let us know!
Interesting, thanks for showing that. I had been considering the Terraform provider and wanted to know what working with it would look like, so this post helped me.
Seeing this I’m not comfortable with the client secrets being stored in the tfstate, it makes me uncomfortable because the state management is only as good as my diligence (or lack of).
I don’t suppose there’s a way to have the client secrets not be stored in the TFState?
I’ve been using the Auth0 Deploy CLI which is more ‘stateless’ and that feels like the right way to do Auth0 deployments, but that’s based on my risk profile, I’m sure a TF way is perfectly good for others.
Hi @sha256, thanks for the question. I assume you are talking about client_secret from the auth0_client resource output. I understand your concern. Unfortunately, I don’t think there is a way around this unless you use private_key_jwt or remove the read:client_keys scope from the M2M app used by the Terraform client. I’ll investigate this further and get back to you if there is another way around this.
In the meantime you can find more info here: Terraform Registry