PaloAltoNetworks / terraform-provider-panos

Terraform Panos provider
https://www.terraform.io/docs/providers/panos/
Mozilla Public License 2.0

Set ssl_decrypt_exclude_certificate securely #342

Closed or-tal-0 closed 1 year ago

or-tal-0 commented 2 years ago

Currently, to set an SSL decryption exclusion, one just uses the panos_ssl_decrypt resource, which also controls the trusted and untrusted certificates.

This has security implications - those certificates are of type certificate authority and I would like to limit access to them as much as possible. Our Terraform code is in git, which has broader access than I'd like, and if using panos_ssl_decrypt, the certificates would have to be in git also.

I would like to have a new resource, that only controls the SSL decryption exclusion list, either as a list of exclusions or a resource per exclusion.

TiantongHu commented 2 years ago

Hey, has anybody started working on this yet? I'd like to take a look at this :)