all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

Terraform, OpenTofu and state encryption

Add to bookmarks
July 2, 2024, 3:49 a.m. | Marcelo Andrade

DEV Community dev.to

Vamos supor que você criou uma variável no AWS Secrets Manager com Terraform:



$ aws sts get-caller-identity
{
    "UserId": "AIDA2UC3CSEZOOZQXHZCN",
    "Account": "730335449394",
    "Arn": "arn:aws:iam::730335449394:user/cloud_user"
}

$ aws secretsmanager get-secret-value --secret-id senha_root
{
    "ARN": "arn:aws:secretsmanager:us-east-1:730335449394:secret:senha_root-qiNJDs",
    "Name": "senha_root",
    "VersionId": "terraform-20240701215533811100000001",
    "SecretString": "z0mgp4ssw0rd",
    "VersionStages": [
        "AWSCURRENT"
    ],
    "CreatedDate": "2024-07-01T18:55:32.978000-03:00"
}


Um usuário hacker não vai ter acesso à variável, a menos que alguém dê acesso explícito para ele:



$ aws sts get-caller-identity
{
    "UserId": "AIDA2UC3CSEZLYNWRDSTL",
    "Account": "730335449394",
    "Arn": "arn:aws:iam::730335449394:user/hacker"
}

$ …

account aws aws secrets manager aws sts com east encryption hacker iam identity manager name opentofu secret secrets secrets manager state terraform value

Visit resource

More from dev.to / DEV Community

The Periodic Table of AI Tools 19 hours ago | dev.to
ai ai tools articles called +7
Automating Linux User Management with Bash Script 20 hours ago | dev.to
accounts actions aws bash +17
Optimizing My Company's Developers and Group Management with Bash Script Automation 20 hours ago | dev.to
actions automation base64 bash +18
Automating User Management on Linux with Bash Scripting 22 hours ago | dev.to
bash bash script bash scripting called +19
If you are a WeChat mini-program developer, WeTest penetration testing is a must 23 hours ago | dev.to
developer free high javascript +22
Automating Linux User Management with a Bash Script 23 hours ago | dev.to
accounts bash bash script can +17
API Testing: An Essential Guide 1 day ago | dev.to
ai api apis api testing +21
Simplifying Authentication and Authorization with Keycloak 1 day, 1 hour ago | dev.to
authentication authorization building can +13
Patch your servers! It's time of regreSSHion 1 day, 1 hour ago | dev.to
access cve cve-2024 cve-2024-6387 +14

Jobs in InfoSec / Cybersecurity

Find Talent

All-Source Analyst (Watch Floor) - Senior

@ Global Dimensions | Columbia, Maryland, United States
View on infosec-jobs.com

Field Account Executive

@ Darktrace | Kentucky, United States
View on infosec-jobs.com

Technical Operations Engineer - International

@ Anduril | London, England, United Kingdom
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Madhupur Upazila, Dhaka Division, Bangladesh
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Klang, Selangor, Malaysia
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Colombo, WP, Sri Lanka
View on infosec-jobs.com