Tootfinder

Opt-in global Mastodon full text search.

@x_cli@infosec.exchange
2025-12-22 13:35:16

Many #Terraform providers using SSH do not check the SSH host key... they just run with ssh.InsecureIgnoreHostKey...
And to be honest, it is partly the fault of the SSH standard library which makes it super easy to ignore the host key and does not provide any useful builtin key verification function. People are lazy. ssh.FixedHostKey is niche.
So I implemented a small library to v…

@x_cli@infosec.exchange
2026-01-05 09:30:55

I just published an update to my #terraform #opentofu provider "remotefs": registry.terrafo…

@wyri@toot-toot.wyrihaxim.us
2026-02-06 17:46:52

GitHub improved how its Terraform provider handles secrets. So now I shouldn't have recreations all the time. But I do have to update all of them; it only took 45 minutes to change all 500 of them:
#GitHub #Terraform

@x_cli@infosec.exchange
2026-01-03 16:30:17

Yes, I am like this: I publish Terraform/OpenTofu providers and I have no choice but to use GitHub to host the releases (this is a requirement of HashiCorp #Terraform registry and #Opentofu registry), BUT I develop on @…

@wyri@toot-toot.wyrihaxim.us
2026-01-18 21:19:31

Around 20% of my Terraform are GitHub Actions Secrets 🤯
#TerraForm #GitHub #Actions #Secrets

@x_cli@infosec.exchange
2025-12-07 19:13:51

Tomorrow, I'll be publishing a #WebDAV provider for #Terraform
It handles HTTP Basic, TLS and mTLS authentication.
It supports write-only attributes to deploy secrets, including deployment of ephemeral secrets.
In a few weeks, I expect to publish another version implementing…

@x_cli@infosec.exchange
2025-12-29 14:15:46

You are an experienced Dev(Sec)Ops. How do you run #Terraform or #OpenTofu in production?
#devops #iac