github.com/opentofu/opentofu@v1.7.1/internal/encryption/keyprovider/pbkdf2/README.md

# PBKDF passphrase key provider

> [!WARNING]
> This file is not end-user documentation; it is intended for developers. Please follow the user documentation on the OpenTofu website unless you want to work on the encryption code.

This folder contains the code for the PBKDF2 passphrase key provider. The user enters a passphrase, and the key provider generates `[]byte` keys of a given length and records the salt in the encryption metadata.

## Configuration

You can configure this key provider by specifying the following options:

```hcl2
terraform {
    encryption {
        key_provider "pbkdf2" "myprovider" {
            passphrase = "enter a long and complex passphrase here"

            # Adapt the key length to your encryption method's needs;
            # check the method documentation for the right key length.
            key_length = 32

            # Provide the number of iterations that should be performed.
            # See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
            # for recommendations.
            iterations = 600000

            # Pick the hashing function. Can be sha256 or sha512.
            hash_function = "sha512"

            # Pick the salt length in bytes.
            salt_length = 32
        }
    }
}
```