Terraform, OpenTofu and state encryption
July 2, 2024, 3:49 a.m. | Marcelo Andrade
DEV Community dev.to
Suppose you created a variable in AWS Secrets Manager with Terraform:
$ aws sts get-caller-identity
{
    "UserId": "AIDA2UC3CSEZOOZQXHZCN",
    "Account": "730335449394",
    "Arn": "arn:aws:iam::730335449394:user/cloud_user"
}
$ aws secretsmanager get-secret-value --secret-id senha_root
{
    "ARN": "arn:aws:secretsmanager:us-east-1:730335449394:secret:senha_root-qiNJDs",
    "Name": "senha_root",
    "VersionId": "terraform-20240701215533811100000001",
    "SecretString": "z0mgp4ssw0rd",
    "VersionStages": [
        "AWSCURRENT"
    ],
    "CreatedDate": "2024-07-01T18:55:32.978000-03:00"
}
A hacker user will not have access to the variable unless someone explicitly grants it access:
$ aws sts get-caller-identity
{
    "UserId": "AIDA2UC3CSEZLYNWRDSTL",
    "Account": "730335449394",
    "Arn": "arn:aws:iam::730335449394:user/hacker"
}
$ …