DNXLabs / terraform-aws-client-vpn

This terraform module installs a client VPN.
https://modules.dnx.one
Apache License 2.0

Private key in terraform.state file? #12

Closed qingvincentyin closed 1 month ago

qingvincentyin commented 2 years ago

Summary

Consider this block of code:

According to Terraform docs, the generated private key will be stored in cleartext in the terraform.state file.

It would be better if this module optionally accepts an existing private key (in fact, the privkey, pubkey, and optionally a parent CA cert to be complete) or a name/ARN of an existing cert in ACM -- and only falls back to the auto-generated privkey if none of those are passed in. That will make this more production strength.

Motivation

Avoid putting secrets into the terraform.state file.

Alternatives

No response

Additional Context

No response


adenot commented 1 month ago

Agree with your assessment, but it's not something we are looking to implement at this moment. Feel free to send a PR if you have this implemented in your fork.
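A check for the exposure raised in this issue, as an added example that is not code from the module or its maintainers: it walks a Terraform state file (JSON, format version 4) and reports which resources and outputs hold a PEM private key, without echoing the key itself. The sample state, including the names `module.vpn`, `ca` and `ca_key`, is constructed for illustration.

```python
import json
import re
import sys

# Matches PKCS#1, PKCS#8, EC, OpenSSH and encrypted PEM private-key headers.
PEM_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def _strings(value, path=""):
    """Yield (attribute_path, text) for every string nested inside value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from _strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from _strings(item, f"{path}[{i}]")

def find_private_keys(state):
    """Return (address, attribute_path) pairs; key material is never returned."""
    findings = []
    for res in state.get("resources", []):
        parts = (res.get("module"), res.get("type"), res.get("name"))
        address = ".".join(p for p in parts if p)
        for inst in res.get("instances", []):
            for path, text in _strings(inst.get("attributes") or {}):
                if PEM_RE.search(text):
                    findings.append((address, path))
    # Outputs marked sensitive are hidden in CLI output but still stored in state.
    for name, out in state.get("outputs", {}).items():
        for path, text in _strings(out.get("value"), "value"):
            if PEM_RE.search(text):
                findings.append((f"output.{name}", path))
    return findings

# Constructed sample state; resource names and the key body are placeholders.
_FAKE_PEM = "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_STATE = {"version": 4, "resources": [
    {"module": "module.vpn", "mode": "managed", "type": "tls_private_key", "name": "ca",
     "instances": [{"attributes": {"algorithm": "RSA", "private_key_pem": _FAKE_PEM}}]},
    {"module": "module.vpn", "mode": "managed", "type": "aws_acm_certificate", "name": "ca",
     "instances": [{"attributes": {"private_key": _FAKE_PEM, "domain_name": "vpn.example"}}]},
], "outputs": {"ca_key": {"value": _FAKE_PEM, "type": "string", "sensitive": True}}}

if __name__ == "__main__":
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    for address, path in find_private_keys(state):
        print(f"private key in state: {address} -> {path}")
```

Run it against a pulled copy of the state (for example the output of `terraform state pull`) to see which addresses need the key moved out of Terraform or the state backend locked down.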