Just wanted to start a discussion around improving infisical run for Terraform workflows
Terraform expects variables to be passed as env vars with the TF_VAR_ prefix and snake_case lowercase keys(common pattern).
Mostly to store secrets we use UPPER_SNAKE_CASE which leads to
- Renaming secrets just for Terraform
- Wrapper scripts to transform env vars
- Extra workarounds for similar workflows
- Opt-in --secret-prefix flag
infisical run --secret-prefix=TF_VAR_ terraform apply
- Optional key transformation
Add a transformation flag to handle naming conventions:
--transform-secret-key=lowercase|snakecase|kebabcase
DB_PASSWORD → TF_VAR_db_password
Why this helps?
- Seamless Terraform usage or other usecases
- No secret renaming
- No wrapper scripts
Aligns with common IaC + secret management patterns
Just wanted to start a discussion around improving infisical run for Terraform workflows
Terraform expects variables to be passed as env vars with the TF_VAR_ prefix and snake_case lowercase keys(common pattern).
Mostly to store secrets we use UPPER_SNAKE_CASE which leads to
Add a transformation flag to handle naming conventions:
DB_PASSWORD → TF_VAR_db_passwordWhy this helps?
Aligns with common IaC + secret management patterns