OctopusDeploy · mcasperson · Dec 10, 2024 · Dec 10, 2024 · Dec 10, 2024
diff --git a/step-templates/octopus-serialize-project-to-terraform.json b/step-templates/octopus-serialize-project-to-terraform.json
@@ -3,7 +3,7 @@
   "Name": "Octopus - Serialize Project to Terraform",
   "Description": "Serialize an Octopus project as a Terraform module and upload the resulting package to the Octopus built in feed.\n\nThis step uses naming conventions to exclude resources from the generated module:\n\n* Variables starting with `Private.` are excluded\n* Runbooks starting with `__ ` are excluded\n* The environment called `Sync` is removed from any variable scopes\n\nBecause serializing Terraform modules is done via the API, the values of any secret variables are not available, and are not included in the module generated by this step.\n\nHowever, by following a variable naming and scoping convention, it is possible to export and then apply a project in a Terraform module recreating secret variables, without ever including the secrets in the exported module.\n\nThe project to be exported must define all secret variables with a unique name and a single value.  For example, the secret variable `Test.Database.Password` can be scoped to the `Test` environment and the secret variable `Production.Database.Password` can be scoped to the `Production` environment. You can not have a single secret variable called `Database.Password` with two values for the different environments though.\n\nTo collapse the unique secret variables into a single variable used by steps, it is possible to create a non-secret variable called `Database.Password`  with two values `#{Test.Database.Password}` and `#{Production.Database.Password}` scoped to appropriate environments.\n\nIn this way steps can still reference a single variable called `Database.Password`, but all secret variables have unique names and only one value.\n\nAll secret variables are then scoped to an additional environment called `Sync`, which means all secret variables are exposed to runbooks run in the `Step` environment. The `Sync` environment is used to apply the Terraform module exported by this step, `Apply a Terraform template` step to perform variable replacements with secret variables.\n\nThe secret values in the Terraform module then have default values set to the Octostache template referencing the secret variable. For example, the Octopus variables in the Terraform module have default values like `#{Test.Database.Password}` and `#{Production.Database.Password}`. These templates are replaced at runtime by the `Apply a Terraform template` step, run in the `Sync` environment, effectively injecting the secret values back into the newly created project.\n\nThis allows secret variables to be recreated with their original values, without ever exporting the secret values. ",
   "ActionType": "Octopus.Script",
-  "Version": 11,
+  "Version": 12,
   "CommunityActionTemplateId": null,
   "Packages": [],
   "Properties": {
@@ -134,7 +134,7 @@
       }
     },
     {
-      "Id": "e45abab5-cb8f-4af2-b3e9-3cde057907df",
+      "Id": "cb075d4f-a02f-4c80-b8b9-6f2da83730ff",
       "Name": "SerializeProject.Exported.Project.IgnoredTenants",
       "Label": "Ignored Tenants",
       "HelpText": "A comma separated list of tenants that will not be included in the Terraform module.",