So I have been starting to use gitlab-managed terraform state. I use multiple state files for each environment a module is deployed to. (Prod, staging, review/*), and it’s working amazingly well!
Now I’m looking at the security aspect of this flow. I think I read every GitLab doc on the subject so far, and from what I gather it seems every members of a gitlab project with the developer role, can read every state files stored in a project.
My question: Is there any way that I can prevent my “prod” TF State files from being read by non-maintainers for example or tie it up with protected environments?