Tootfinder


@x_cli@infosec.exchange
2025-11-24 13:57:51

Infosec game: what is obviously wrong with this #Terraform provider?

registry.terraform.io/provider

@x_cli@infosec.exchange
2025-12-07 19:13:51

Tomorrow, I'll be publishing a #WebDAV provider for #Terraform
It handles HTTP Basic, TLS and mTLS authentication.
It supports write-only attributes to deploy secrets, including deployment of ephemeral secrets.
In a few weeks, I expect to publish another version implementing…

@x_cli@infosec.exchange
2025-11-24 13:46:39

Yet another gotcha when implementing a #Terraform resource with a WriteOnly attribute: since there is no state kept between runs, you cannot require replacement of the resource if the configured value changes because there is nothing to compare it to 🙃
In my case, the WriteOnly attribute contains a file content, so the WriteOnly attribute value is hashed and the hash is stored as part o…
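The comparison the post describes, as an added example that is not the provider's own code: only a hash of the write-only content is kept in state, and the plan step compares the hash of the value supplied on this run against it to decide whether the resource has to be replaced. The hash is prefixed with the algorithm name so that a later change of algorithm is not misread as content drift. Terraform lets a write-only attribute be unset on a given run, so `nil` (not set) is deliberately kept apart from an empty file; the function names, the `Action` type and the sample contents are assumptions made for this example. Treat the stored hash as sensitive anyway: for low-entropy content it still lets anyone who reads the state file verify a guess.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Action is what the plan step decides for the write-only file resource.
type Action int

const (
	NoOp    Action = iota // hash in state matches the supplied content
	Create                // no prior state: first apply
	Replace               // supplied content differs from what was deployed
	Unknown               // write-only value not supplied this run: nothing to compare
)

func (a Action) String() string {
	switch a {
	case NoOp:
		return "no-op"
	case Create:
		return "create"
	case Replace:
		return "replace"
	default:
		return "unknown"
	}
}

// ContentHash is the value persisted in state instead of the write-only
// content itself. The "sha256:" prefix records which algorithm produced it.
func ContentHash(content []byte) string {
	sum := sha256.Sum256(content)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// PlanWriteOnlyFile reproduces the comparison a plan modifier would make.
// priorHash is what the last apply stored in state ("" when the resource does
// not exist yet); content is the write-only value supplied on this run, or nil
// when the configuration left the attribute unset. An empty-but-set value is a
// real (empty) file and is compared like any other content.
// It returns the action and the hash that should be written to state.
func PlanWriteOnlyFile(priorHash string, content []byte) (Action, string) {
	switch {
	case content == nil:
		// Write-only attributes may legitimately be absent; keep the old hash.
		return Unknown, priorHash
	case priorHash == "":
		return Create, ContentHash(content)
	case ContentHash(content) == priorHash:
		return NoOp, priorHash
	default:
		return Replace, ContentHash(content)
	}
}

func main() {
	// Constructed walkthrough (hypothetical secrets): first apply, an
	// unchanged re-run, a rotated secret, and a run with the attribute unset.
	secret := []byte("hunter2\n")
	act, stored := PlanWriteOnlyFile("", secret)
	fmt.Println(act, stored)

	act, stored = PlanWriteOnlyFile(stored, secret)
	fmt.Println(act, stored)

	act, stored = PlanWriteOnlyFile(stored, []byte("rotated-secret\n"))
	fmt.Println(act, stored)

	act, stored = PlanWriteOnlyFile(stored, nil)
	fmt.Println(act, stored)
}
```

Running it shows create, then no-op, then replace once the content changes, and unknown (old hash retained) when the attribute is not supplied; the state file only ever holds the `sha256:` values, never the content.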

@x_cli@infosec.exchange
2025-11-20 13:33:38

Oops, #Terraform datasources cannot contain write-only attributes, which means you cannot use a sensitive value in a secure way when configuring a datasource... Which leaves us with ephemeral resources which are not always what we want or passing the sensitive value to the provider (assuming the provider can take that value and pass it along to the datasource), which is not always possible...…