• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Terraform
  • Install
  • Tutorials
    • About the Docs
    • Configuration Language
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
    • CDK for Terraform
    • Provider Use
    • Plugin Development
    • Registry Publishing
    • Integration Program
  • Registry(opens in new tab)
  • Try Cloud(opens in new tab)
  • Sign up
Terraform Home

Terraform Enterprise

Skip to main content
  • Terraform Enterprise

  • Overview
  • Operational Modes
    • Pre-Install Checklist
      • Automated Installation
      • Active/Active
      • Initial User Automation
      • Encryption Password
    • Uninstall
  • Migrating to Terraform Enterprise
  • Support

  • Terraform Cloud Agents

  • Resources

  • Tutorial Library
  • Certifications
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  • Terraform Registry
    (opens in new tab)
  1. Developer
  2. Terraform
  3. Terraform Enterprise
  4. Install and Configure
  5. Automated Install
  6. Encryption Password
  • Terraform Enterprise
  • v202212-2
  • v202212-1
  • v202211-1
  • v202210-1
  • v202209-2
  • v202209-1
  • v202208-3
  • v202208-2
  • v202208-1
  • v202207-2
  • v202207-1
  • v202206-1

»Terraform Enterprise Encryption Password

When using internally-managed Vault, Terraform Enterprise requires that the operator specify a password that will be used to to encrypt and decrypt the internally-managed Vault unseal key and root token. This password is called the "encryption password". Please be sure to retain this value as it will be needed in the event of a re-installation.

The encryption password is used to protect the internally-managed Vault unseal key and root token with a password provided by the operator. It allows Terraform Enterprise to securely store the Vault unseal key and root token in PostgreSQL, which means that Vault is only dependent on the encryption password itself and the data in PostgreSQL.

Specifying the Encryption Password

Manual Installation

For manual installations, the encryption password can be specified via the "Encryption Password" field:

User interface for encryption password field.

Automated Installation

For automated installations, the encryption password can be specified via the enc_password setting in the application settings JSON file:

{
    "hostname": {
        "value": "terraform.example.com"
    },
    "installation_type": {
        "value": "poc"
    },
    "enc_password": {
        "value": "CHANGEME"
    }
}

Retrieving the Encryption Password

To retrieve the encryption password that Terraform Enterprise is currently configured to use, connect to your Terraform Enterprise instance and execute the following:

replicatedctl app-config export --template '{{.enc_password.Value}}'
Edit this page on GitHub

On this page

  1. Terraform Enterprise Encryption Password
  2. Specifying the Encryption Password
  3. Retrieving the Encryption Password
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)