
Securely Accessing Sensitive Terraform Outputs for Frontend and Backend Deployment Workflows


I have a Terraform output file (output.tf) that contains sensitive information, such as function app publishing credentials and storage account access keys. I want to securely store and access these outputs for my frontend and backend deployment workflows. My backend is a Python application deployed in a Function App, and my frontend is a static website that hosts a static HTML file.

I considered two approaches:

GitHub Secrets: I thought about getting the output from the Terraform apply workflow run and setting the GitHub secret via the GitHub API. I can't

Azure Key Vault: I also considered provisioning an Azure Key Vault to store the sensitive outputs. However, I'm not sure how to integrate Azure Key Vault with my GitHub workflows.

Expectations:

I want to find a secure and reliable way to store and access the sensitive outputs from my Terraform output file for both my frontend and backend deployment workflows.


Solution

  • Both options are valid. I'm not sure how you tried the approach with the GitHub API; it would be easier to use the Terraform GitHub provider.

    If you'd like to use Azure Key Vault, that's possible as well.
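
Both options from the answer, sketched as Terraform configuration. This is an added example, not part of the original answer: the resource labels `azurerm_storage_account.frontend` and `azurerm_key_vault.deploy`, the variable names, and the secret names are assumptions standing in for resources already defined in the asker's configuration.

```hcl
terraform {
  required_providers {
    github = { source = "integrations/github" }
  }
}

# Assumed: the provider token comes from the GITHUB_TOKEN environment
# variable and is allowed to manage secrets on the target repository.
provider "github" {
  owner = var.github_owner
}

variable "github_owner" { type = string }      # hypothetical variable
variable "github_repository" { type = string } # hypothetical variable

# Option 1: write the value straight into a GitHub Actions secret, so no
# workflow has to read `terraform output` and call the GitHub API itself.
resource "github_actions_secret" "storage_key" {
  repository      = var.github_repository
  secret_name     = "STORAGE_ACCOUNT_KEY" # constructed name
  plaintext_value = azurerm_storage_account.frontend.primary_access_key
}

# Option 2: keep the value in Azure Key Vault and let the deployment
# workflows fetch it at run time with their own Azure identity.
resource "azurerm_key_vault_secret" "storage_key" {
  name         = "storage-account-key" # constructed name
  value        = azurerm_storage_account.frontend.primary_access_key
  key_vault_id = azurerm_key_vault.deploy.id
}

# If the value must remain an output, mark it sensitive so plan/apply
# logs redact it. Note that all three blocks still store the value in
# Terraform state, so the state backend needs access control and
# encryption either way.
output "storage_account_key" {
  value     = azurerm_storage_account.frontend.primary_access_key
  sensitive = true
}
```

With option 1, the frontend and backend workflows reference the value as `${{ secrets.STORAGE_ACCOUNT_KEY }}`; with option 2, the workflow's Azure identity needs read permission on secrets in the vault.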