Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parameters in metadata exposes secrets #33

Open
ugirirajan opened this issue Dec 4, 2019 · 1 comment
Open

Parameters in metadata exposes secrets #33

ugirirajan opened this issue Dec 4, 2019 · 1 comment

Comments

@ugirirajan
Copy link

As the GCP instance reads the metadata on the fly for parameters, the credentials and keys are exposed in console if we use this registry.
@onetwopunch
Copy link

+1 to this. Could this module not allow users to pull the secrets from a GCS bucket with a client side KMS key which only the primary/secondary service account has access to? Or give the option to point to a Vault instance which would pull this data at boot time. It seems this issue also exists on the AWS installation module, where secrets are stored in User Data: https://github.com/hashicorp/terraform-aws-terraform-enterprise/blob/87a10c9893e71261404fe70a80ee4e4cd8f22fca/config.tf#L22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@onetwopunch @ugirirajan