Secrets in git are a no-no.
Some bash, sed, black magic.
$ cat aws_access_key
<redacted>
$ cat aws_secret_key
<redacted>
$ cat terraform.tfstate | grep ses
"ses_smtp_password": "<redacted>",
./terraformectomy <redacted> <redacted> <redacted>
$ cat terraform.tfstate | grep ses
"ses_smtp_password": "CENSORED_BY_TERRAFORMECTOMY",
Terraform will often try to check that the AWS access keys are valid, and wants to reprovision them. Still better than not commiting the state file at all. This is a (hopefully) temporary thing until Hashicorp gets around to fixing terraform. I have doubts since the issue is from 2014 and still no progress. Hopefully terraformectomy is a quick bandaid.