Merge branch 'document-encryption-local' into 'main'

Document how to work with auto-encrypted states locally

Closes #124

See merge request components/opentofu!267

.gitlab/README.md.template

@@ -175,6 +175,16 @@ include:
 stages: [validate, build, deploy]
 ```
 
+#### Working with encrypted states locally
+
+To locally work with encrypted states that have been auto encrypted by the component you can
+manually do what the component does:
+
+Copy the encryption setup from [the `configure_encryption_for_tofu` function](/src/gitlab-tofu.sh#L310)
+into a temporary file called `encryption.tf` or expose it in the `TF_ENCRYPTION` variable - make sure to
+correctly set your passphrase the match the value from GitLab CI. Then you can simply continue using your
+regular `tofu` tooling.
+
 ### Configure `id_tokens`
 
 > [!note]

README.md

@@ -177,6 +177,16 @@ include:
 stages: [validate, build, deploy]
 ```
 
+#### Working with encrypted states locally
+
+To locally work with encrypted states that have been auto encrypted by the component you can
+manually do what the component does:
+
+Copy the encryption setup from [the `configure_encryption_for_tofu` function](/src/gitlab-tofu.sh#L310)
+into a temporary file called `encryption.tf` or expose it in the `TF_ENCRYPTION` variable - make sure to
+correctly set your passphrase the match the value from GitLab CI. Then you can simply continue using your
+regular `tofu` tooling.
+
 ### Configure `id_tokens`
 
 > [!note]