terrahelp

heredoc not sensitive inline mode

Open LeoK80 opened this issue 1 year ago • 0 comments

Issue

Any heredoc entries in the terraform.tfvars file are not considered as sensitive values but appear in the encrypted file as is when running as --mode=inline. An example of usage for these is PEM formatted certificates in HCL. E.g.

some_cert=<<EOT
-----BEGIN CERTIFICATE-----
<bunch of hash stuff>
-----END CERTIFICATE-----
EOT

This leaves these very important bits of information exposed in the state files for anyone to read/copy and abuse.

Workaround

Use of flag --mode=full

LeoK80, Apr 25 '23 14:04
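Added example, not part of the original issue and not terrahelp code: a post-processing check that extracts every heredoc value from a tfvars file and reports the variables whose body lines still appear verbatim in the processed output. The function names, the sample values and the `<ENCRYPTED-PLACEHOLDER>` token are assumptions made for illustration; the placeholder is not terrahelp's real output format.

```python
import re

# Opening of an HCL heredoc assignment: name = <<EOT or name = <<-EOT
HEREDOC_START = re.compile(r'^\s*([\w-]+)\s*=\s*<<-?(\w+)\s*$')
MIN_LEN = 8  # ignore very short body lines that could match by coincidence

def heredoc_values(tfvars_text):
    """Return {variable_name: body} for every heredoc assignment in tfvars_text."""
    values, lines, i = {}, tfvars_text.splitlines(), 0
    while i < len(lines):
        m = HEREDOC_START.match(lines[i])
        i += 1
        if not m:
            continue
        name, marker = m.group(1), m.group(2)
        body = []
        # The body runs until a line holding only the closing marker.
        while i < len(lines) and lines[i].strip() != marker:
            body.append(lines[i])
            i += 1
        i += 1  # step past the closing marker
        values[name] = "\n".join(body)
    return values

def exposed_heredocs(tfvars_text, processed_text):
    """Names of heredoc variables with a body line still readable in processed_text."""
    present = {ln.strip() for ln in processed_text.splitlines()}
    leaked = []
    for name, body in heredoc_values(tfvars_text).items():
        body_lines = [ln.strip() for ln in body.splitlines() if len(ln.strip()) >= MIN_LEN]
        if any(ln in present for ln in body_lines):
            leaked.append(name)
    return sorted(leaked)

# Constructed sample input (no real key material, no real tool output).
SAMPLE_TFVARS = '''db_password = "hunter2-constructed"
some_cert=<<EOT
-----BEGIN CERTIFICATE-----
CONSTRUCTEDNOTAREALCERTBODY0001
-----END CERTIFICATE-----
EOT
'''
# Simulates the reported behaviour: the quoted value is replaced, the heredoc is not.
SAMPLE_PROCESSED = SAMPLE_TFVARS.replace('"hunter2-constructed"', '"<ENCRYPTED-PLACEHOLDER>"')

if __name__ == "__main__":
    print(exposed_heredocs(SAMPLE_TFVARS, SAMPLE_PROCESSED))
```

Run as a CI gate, a non-empty result from `exposed_heredocs` on the original tfvars and the file about to be committed should fail the build.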