Private keys are printed to the console on terraform destroy #12

Open
jholleran opened this issue Mar 3, 2023 · 1 comment

@jholleran

After applying a `jose_keyset` resource with Terraform, the full contents of the keyset can be printed to the console when running `terraform plan -destroy`. Is there a way to stop this sensitive information from being printed out to the console?

Here is an example:

```hcl
terraform {
  required_providers {
    jose = {
      source  = "wonko/jose"
      version = "0.0.14"
    }
  }
}

resource "jose_keyset" "jwt_key" {
  alg  = "ES256"
  size = 256
}
```

Run: `terraform apply`

Result:

```
...
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```

Now run: `terraform plan -destroy`

Result:

image

As you can see, the full contents including the private keys are displayed in the console. Arguably this could be OK as we may be about to delete them, but it would be nice to prevent this from happening.

@davidboweninrupt
Copy link

Notably this is problematic if this information is stored to be presented for a human to review and approve. This would leave the information open for hours, maybe days. It could be abused during that time before the resource is destroyed.
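For the review workflow described in the comment above, a pipeline can check a plan before it is stored for approval. The following is an added example, not code from the provider or from either participant: it walks the `resource_changes` entries of `terraform show -json` output and reports any attribute that holds a JWK with private-key members and is not marked sensitive. The attribute names `public_key` and `private_key` and all key values in the sample are constructed assumptions; the issue does not show the provider's real attribute names.

```python
import json

# Private-key members that RFC 7518 defines for JWKs ("d" for EC/RSA, "k" for oct, ...).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}

def has_private_jwk(value):
    """True if value, or JSON encoded inside a string, holds a JWK with private members."""
    if isinstance(value, str):
        try:
            value = json.loads(value)
        except ValueError:
            return False
    if isinstance(value, dict):
        if "kty" in value and PRIVATE_JWK_MEMBERS & value.keys():
            return True
        return any(has_private_jwk(v) for v in value.values())
    if isinstance(value, list):
        return any(has_private_jwk(v) for v in value)
    return False

def exposed_key_attributes(plan):
    """List (address, side, attribute) for private JWKs the plan does not mark sensitive."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        for side in ("before", "after"):
            attrs = change.get(side) or {}          # "after" is null on destroy
            mask = change.get(side + "_sensitive")
            mask = mask if isinstance(mask, dict) else {}
            for name, value in attrs.items():
                # Only a top-level True mask counts as redacted in the rendered plan.
                if mask.get(name) is not True and has_private_jwk(value):
                    findings.append((rc["address"], side, name))
    return findings

# Constructed sample: attribute names "public_key"/"private_key" and all key values are made up.
_JWK = {"kty": "EC", "crv": "P-256", "x": "CONSTRUCTED-X", "y": "CONSTRUCTED-Y"}
SAMPLE_PLAN = {"resource_changes": [{
    "address": "jose_keyset.jwt_key", "type": "jose_keyset",
    "change": {"actions": ["delete"],
               "before": {"alg": "ES256", "size": 256,
                          "public_key": json.dumps(_JWK),
                          "private_key": json.dumps({**_JWK, "d": "CONSTRUCTED-D"})},
               "after": None, "before_sensitive": {}, "after_sensitive": False}}]}

if __name__ == "__main__":
    for address, side, name in exposed_key_attributes(SAMPLE_PLAN):
        print(f"BLOCK: {address} {side}.{name} contains unredacted private key material")
```

The JSON form of a plan carries attribute values in plain text even when they are marked sensitive, so run the check where the plan is produced and keep the JSON itself out of the review record.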
