f5devcentral / terraform-aws-bigip-module

This repo has been archived and moved to https://github.com/F5Networks/terraform-aws-bigip-module for the supported module.

random password is stored in clear-text #40

Open chen23 opened 3 years ago

chen23 commented 3 years ago

The random password that is used is stored in clear-text.

https://github.com/f5devcentral/terraform-aws-bigip-module/blob/b1fd0f0170e5df71c8134ea94fc630928acdd016/f5_onboard.tmpl#L49

This does not adhere to AWS best practices for metadata:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

A workaround that I've done is to use an encrypted form of the password:

https://github.com/chen23/f5-terraform-consul-sd-webinar/blob/06f818b7cba3e84e3150fe49e82491f6f05c3c37/scripts/f5.tpl#L44

RavinderReddyF5 commented 3 years ago

@chen23 We are using this password through the DO config for user class settings through runtime init: https://github.com/f5devcentral/terraform-aws-bigip-module/blob/b1fd0f0170e5df71c8134ea94fc630928acdd016/f5_onboard.tmpl#L79

Not sure an encrypted password will be accepted by the DO config, because I did not find any documentation for the same: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html?highlight=user#user-class

trinaths commented 3 years ago

We need to have DO support this before we address this.