Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: mark all fields with private keys as sensitive #48

Merged
merged 1 commit into from
May 24, 2019
Merged

tls: mark all fields with private keys as sensitive #48

merged 1 commit into from
May 24, 2019

Conversation

invidian
Copy link
Contributor

Terraform >= 0.12.0 shows all resource fields during planning, so
all generated private keys my end up in STDOUT/logs, which is potential
security threat.

This commit sets Sensitive: true to all fields which store private keys.

Signed-off-by: Mateusz Gozdek mgozdekof@gmail.com

@invidian
tls: mark all fields with private keys as sensitive
adbbb45 
Terraform >= 0.12.0 shows all resource fields during planning, so
all generated private keys my end up in STDOUT/logs, which is potential
security threat.

This commit sets Sensitive: true to all fields which store private keys.

Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
@ghost ghost added the size/XS label May 24, 2019
@apparentlymart
Copy link
Contributor

Thanks for working on this, @invidian!

I'm surprised that this is new behavior in 0.12, since 0.11 should've been printing out the values it was writing for these too, but indeed there's no reason why these should not be marked as Sensitive; they clearly are.

@apparentlymart apparentlymart merged commit 32b3a8d into hashicorp:master May 24, 2019
@invidian invidian deleted the private-key-leak branch May 24, 2019 15:53
@invidian
Copy link
Contributor Author

Thanks!

@StephenWithPH StephenWithPH mentioned this pull request Aug 16, 2019
Closed
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@invidian @apparentlymart