env0-Hosted Encrypted State

env0 has removed the requirement for setting up PersistentVolumeClaims (PVCs) when using env0's Self-Hosted Agents. env0 will encrypt (with a customer provided encryption key) the working directory and persist it in env0's secure cloud native file system.

How does it work

Add a "env0StateEncryptionKey" = "<your_base64_encoded_state_encryption_key>" key-value pair to your agent's <your_agent_key>_values.yaml configuration file. On existing agents, upgrade helm to apply the changes made in your configuration file. The encryption key can be any random string.
When deploying an environment, the agent uses your encryption key to encrypt deployment state and working directory, and upload them to env0's secure cloud native file system.

📘
About Privacy
We don't have access to your state files or your encryption key. Your encryption key belongs to you and your agent.

Key rotation

In case you want to change the encryption key, edit the env0StateEncryptionKey value in your agent's configuration file, and replace it with a different base64 encoded string.

🚧
Warning
When using local state files, adding, removing or rotating the encryption key will result in state loss for existing environments. In such cases, Terraform resources will be re-created.
To remedy this, we recommend using a remote backend (e.g. env0 Remote Backend).

env0-Hosted Encrypted State

How does it work

📘
About Privacy

Key rotation

🚧
Warning

How does it work

📘About Privacy

Key rotation

🚧Warning

📘
About Privacy

🚧
Warning