terraform-provider-vault

[Enhancement]: Revoke vault token after operation is done

Open slm0n87 opened this issue 2 years ago • 0 comments

Description

We use this Terraform provider with the userpass auth method and manage several vault_kv_secret_v2 resources. Our Vault logs indicate that the provider logs into Vault, looks up the token, gets the Vault version and performs its operations on the stored secrets, but finally does not revoke the Vault token at the very end.

As a security-relevant improvement, the provider should revoke the token after all operations are done.

Affected Resource(s) and/or Data Source(s)

No response

Potential Terraform Configuration

No response

References

Example logs of a "terraform plan" (just compares the secrets from statefile to vault):

PUT /v1/auth/userpass/login/myuser HTTP/1.1
GET /v1/auth/token/lookup-self HTTP/1.1
GET /v1/sys/seal-status HTTP/1.1
GET /v1/secret/data/database-secret HTTP/1.1
GET /v1/secret/metadata/database-secret HTTP/1.1

Would you like to implement a fix?

None

slm0n87 · Sep 20 '23 11:09
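
An added example, not part of the original issue or the provider's code: a small audit over request logs in the format quoted in the issue that flags login sessions never followed by a call to Vault's `auth/token/revoke-self` endpoint. It assumes the lines come from a single client in order; the function names and the second sample session are constructed for illustration.

```python
import re

# Matches request lines in the format shown in the issue, e.g.
# "PUT /v1/auth/userpass/login/myuser HTTP/1.1"
REQUEST_RE = re.compile(r"\b(GET|PUT|POST|DELETE|LIST)\s+(/v1/\S+)\s+HTTP/\d\.\d")
# Login against any auth mount, with an optional trailing user name.
LOGIN_RE = re.compile(r"^/v1/auth/(.+?)/login(?:/([^/]+))?$")
# Vault's token self-revocation endpoint.
REVOKE_SELF = "/v1/auth/token/revoke-self"

# Request lines quoted in the issue (a "terraform plan" run).
ISSUE_LOG = [
    "PUT /v1/auth/userpass/login/myuser HTTP/1.1",
    "GET /v1/auth/token/lookup-self HTTP/1.1",
    "GET /v1/sys/seal-status HTTP/1.1",
    "GET /v1/secret/data/database-secret HTTP/1.1",
    "GET /v1/secret/metadata/database-secret HTTP/1.1",
]
# Constructed sample: a client that revokes its token when it is done.
CONSTRUCTED_LOG = [
    "PUT /v1/auth/userpass/login/ci-user HTTP/1.1",
    "GET /v1/secret/data/database-secret HTTP/1.1",
    "POST /v1/auth/token/revoke-self HTTP/1.1",
]

def audit_sessions(lines):
    """Split an ordered, single-client request log into login sessions and
    record whether each one ended with a token self-revocation."""
    sessions, current = [], None
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line
        method, path = m.groups()
        login = LOGIN_RE.match(path)
        if login and method in ("PUT", "POST"):
            current = {"mount": login.group(1), "user": login.group(2),
                       "requests": 0, "revoked": False}
            sessions.append(current)
        elif current is not None:
            if path == REVOKE_SELF and method in ("PUT", "POST"):
                current["revoked"] = True
                current = None  # token is gone; session is closed
            else:
                current["requests"] += 1
    return sessions

def unrevoked(sessions):
    """Sessions whose token was left to expire on its TTL instead of being revoked."""
    return [s for s in sessions if not s["revoked"]]
```

Run over the issue's log, `unrevoked(audit_sessions(ISSUE_LOG))` reports the `myuser` session, which matches the behaviour described in the issue.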