mongodb / terraform-provider-mongodbatlas

Terraform MongoDB Atlas Provider: Deploy, update, and manage MongoDB Atlas infrastructure as code through HashiCorp Terraform
https://registry.terraform.io/providers/mongodb/mongodbatlas
Mozilla Public License 2.0

mongodbatlas_encryption_at_rest outputs IAM secrets to stdout #93

Closed ardiesaeidi closed 4 years ago

ardiesaeidi commented 4 years ago

Hi,

I'm using the module mongodbatlas_encryption_at_rest to set up encryption and I noticed that the module is outputting my IAM secret to console/stdout. It would be great if this information could be redacted in some way since I wouldn't want this leaked through my logs.

terraform 0.11.14, mongodbatlas 0.3.1, template 2.1.2, aws 2.42.0

```text
Terraform will perform the following actions:

  + mongodbatlas_encryption_at_rest.encryption
      id:                                                          <computed>
      aws_kms.%:                                                   "5"
      aws_kms.access_key_id:                                       "SOMEKEY"
      aws_kms.customer_master_key_id:                              "SOMEMASTERKEY"
      aws_kms.enabled:                                             "1"
      aws_kms.region:                                              "US_WEST_2"
      aws_kms.secret_access_key:                                   "oopsmysecrets"
      project_id:                                                  "MYPROJECT"
```

marinsalinas commented 4 years ago

I totally agree! @ardiesaeidi, these fields should be marked as sensitive in the resource's schema. I'll open a PR with this as soon as I get any bandwidth to solve more issues.

themantissa commented 4 years ago

Hi @ardiesaeidi - Feel free to submit a feature request at https://feedback.mongodb.com/forums/924145-atlas?category_id=370723 for specific values to be redacted in the display to stdout. However, please be aware that this information would still be stored in your Terraform state file. There is more than one way we've seen customers mitigate this risk - one common one is to use both Terraform and Vault (see https://www.terraform.io/docs/providers/vault/index.html).
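One way to apply the Terraform-plus-Vault mitigation described above, as an added example that is not code from the issue or the provider: the IAM credentials are issued on demand by Vault's AWS secrets engine instead of being written into the configuration. The Vault mount path `aws`, the role `atlas-kms`, the KMS key id and the state bucket are assumed placeholders, and the syntax is Terraform 0.12+ rather than the 0.11 used in the report.

```hcl
# Added example, not from the issue or the provider. Assumed placeholders: the
# Vault AWS secrets engine mounted at "aws", a Vault role "atlas-kms", and the
# KMS key id / state bucket names below.

provider "vault" {
  # Address and token come from VAULT_ADDR / VAULT_TOKEN, not from this file.
}

# Vault mints a short-lived IAM key pair for the role on each plan/apply, so the
# static secret never has to live in the .tf files or in CI variables.
data "vault_aws_access_credentials" "atlas_kms" {
  backend = "aws"       # assumed mount path of the AWS secrets engine
  role    = "atlas-kms" # assumed role scoped to the KMS key used by Atlas
}

variable "atlas_project_id" {
  type = string
}

resource "mongodbatlas_encryption_at_rest" "encryption" {
  project_id = var.atlas_project_id

  aws_kms = {
    enabled                = true
    access_key_id          = data.vault_aws_access_credentials.atlas_kms.access_key
    secret_access_key      = data.vault_aws_access_credentials.atlas_kms.secret_key
    customer_master_key_id = "REPLACE_WITH_KMS_KEY_ID"
    region                 = "US_WEST_2"
  }
}

# The secret still ends up in terraform.tfstate regardless of what the console
# shows, so the state itself must be encrypted and access-controlled.
terraform {
  backend "s3" {
    bucket  = "REPLACE_WITH_STATE_BUCKET"
    key     = "atlas/encryption.tfstate"
    region  = "us-west-2"
    encrypt = true
  }
}
```

Because the leased credentials expire at the role's TTL, a value that does leak through CI logs is useful only briefly, but the state file still has to be treated as a secret.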

ardiesaeidi commented 4 years ago

Thanks @marinsalinas @themantissa! That makes sense and I'll look into Vault. Solving this particular issue would be helpful for my team since we kick off tf changes through Jenkins and it stores/logs the console output.

themantissa commented 4 years ago

@ardiesaeidi FYI the sensitive info here should now be hidden with #93 and our Vault work is now in Vault 1.4, supporting both db users and api keys. Blog may be helpful: https://blog.website.prod.corp.mongodb.com/blog/post/manage-atlas-database-secrets-hashicorp-vault