Currently to set SSL decryption exclusion one just use the panos_ssl_decrypt resource, which also controls the trusted and untrusted certificates.
This has security implications - those certificates are of type certificate authority and I would like to limit access to them as much as possible. our terraform code is in git, which as broader access than I'd like, and if using panos_ssl_decrypt, the certificates would have to be in git also.
I would like to have a new resource, that only controls the SSL decryption exclusion list, either as a list of exclusions or a resource per exclusion.
Currently to set SSL decryption exclusion one just use the
panos_ssl_decrypt
resource, which also controls the trusted and untrusted certificates.This has security implications - those certificates are of type certificate authority and I would like to limit access to them as much as possible. our terraform code is in git, which as broader access than I'd like, and if using
panos_ssl_decrypt
, the certificates would have to be in git also.I would like to have a new resource, that only controls the SSL decryption exclusion list, either as a list of exclusions or a resource per exclusion.