Open alexanderdeca opened 1 month ago
You can make use of !env YAML tags to inject those at runtime. See: https://registry.terraform.io/providers/netascode/utils/latest/docs/data-sources/yaml_merge
Hey Daniel,
Thanks for the info, do you have an example for me using for example as it is not clear what to do based on the link you provided.
```yaml
aaa:
  login_domains:
    - name: tacacs-auth
      realm: tacacs
      description: TACACS+ Authentication
    - name: local
      realm: local
      description: Local Authentication
  tacacs_providers:
    - hostname_ip: 10.253.241.4
      description: TACACS+
      port: 49
      key: 'Staging2023'
      timeout: 5
      retries: 1
      mgmt_epg: oob
  remote_user_login_policy: no-login
  default_fallback_check: true
  default_login_domain: lodhacs
  default_realm: tacacs
  console_realm: local
  console_login_domain: local
```
where I would replace the KEY value.
Best regards
Alexander
From: Daniel Schmidt @.> Date: Friday, 3 May 2024 at 09:19 To: netascode/terraform-aci-nac-aci @.> Cc: Alexander Deca @.>, Author @.> Subject: Re: [netascode/terraform-aci-nac-aci] Question: Sensitive content protection in the different yaml files (Issue #80)
You can make use of !env YAML tags to inject those at runtime. See: https://registry.terraform.io/providers/netascode/utils/latest/docs/data-sources/yaml_merge
You would have something like this:

```yaml
aaa:
  tacacs_providers:
    - hostname_ip: 10.253.241.4
      description: TACACS+
      port: 49
      key: !env TACACS_KEY
      timeout: 5
      retries: 1
      mgmt_epg: oob
```

And then an environment variable defined like this:

```shell
export TACACS_KEY=Staging2023
```
Thanks, seems the syntax doesn’t like it, as Visual Studio Code throws an error on the !env TACACS_KEY.
Yeah, the JSON schema is not aware of those tags.
Alright thanks for the help, trying it now.
Cheers!
Does this answer your question?
Question: How to protect sensitive content ex. passwords in different yaml files?
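A pre-commit or CI guard for the approach discussed in this thread, as an added example that is not part of the original comments or of the netascode project: it reports sensitive keys in YAML files whose value is a literal rather than an `!env` tag. The list of key names and the second provider address in the sample are assumptions made for the example.

```python
import re
import sys
from pathlib import Path

# Key names treated as secret-bearing. This list is an assumption; extend it for your data model.
SENSITIVE_KEYS = {"key", "password", "secret", "shared_secret"}

# Matches "name: value" or "- name: value" and captures the name and the raw value.
PAIR = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w-]*)\s*:\s*(.*)$")
# A well-formed reference: the !env tag followed by an environment variable name.
ENV_TAG = re.compile(r"!env\s+[A-Za-z_][A-Za-z0-9_]*")


def find_plaintext_secrets(text):
    """Return (line_number, key) for each sensitive key whose value is not an !env tag."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = PAIR.match(line)
        if not match:
            continue
        key, value = match.groups()
        # Strip a YAML comment: '#' at the start of the value or after whitespace.
        value = re.sub(r"(^|\s+)#.*$", "", value).strip()
        if key.lower() not in SENSITIVE_KEYS or not value:
            continue  # not sensitive, or a parent mapping with no scalar value
        if not ENV_TAG.fullmatch(value):
            findings.append((number, key))  # report the location, never the value
    return findings


# Constructed sample: literal and !env forms from the thread; the second address is made up.
SAMPLE = """\
aaa:
  tacacs_providers:
    - hostname_ip: 10.253.241.4
      port: 49
      key: 'Staging2023'
    - hostname_ip: 10.253.241.5
      port: 49
      key: !env TACACS_KEY
"""

if __name__ == "__main__":
    texts = [(p, Path(p).read_text(encoding="utf-8")) for p in sys.argv[1:]]
    texts = texts or [("<sample>", SAMPLE)]
    hits = [(p, n, k) for p, t in texts for n, k in find_plaintext_secrets(t)]
    for path, number, key in hits:
        print(f"{path}:{number}: '{key}' holds a literal value; use an !env tag")
    sys.exit(1 if hits else 0)
```

Run it with the YAML file paths as arguments; it exits non-zero when any literal secret is found, so it can block a commit or a pipeline stage.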