You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue
Any heredoc entries in the terraform.tfvars file are not considered as sensitive values but appear in the encrypted file as is when running as --mode=inline. Examples of usage for these is PEM formatted certificates in HCL. E.g.
some_cert=<<EOT
-----BEGIN CERTIFICATE-----
<bunch of hash stuff>
-----END CERTIFICATE-----
EOT
This leaves these very important bits of information exposed in the state files for anyone to read/copy and abuse.
Woraround
use of flag --mode=full
The text was updated successfully, but these errors were encountered:
LeoK80
changed the title
heredc
heredoc not sensitive inline mode
Apr 25, 2023
Issue
Any heredoc entries in the
terraform.tfvarsfile are not considered as sensitive values but appear in the encrypted file as is when running as--mode=inline. Examples of usage for these is PEM formatted certificates in HCL. E.g.This leaves these very important bits of information exposed in the state files for anyone to read/copy and abuse.
Woraround
use of flag
--mode=fullThe text was updated successfully, but these errors were encountered: