Secure Sensitive Configuration Values #6

@jsandov

Security Concerns

The following sensitive values are currently exposed in the Terraform configuration:

  • ACM Certificate ARN
  • AWS account IDs
  • Bucket names
  • Domain names

Recommendation

These values should be moved out of the codebase and managed securely using one of the following methods:

  1. External variable files (tfvars)
  2. Environment variables
  3. AWS Parameter Store
  4. AWS Secrets Manager

Impact

Current exposure of these values in version control poses security risks and doesn't follow infrastructure-as-code best practices.

Next Steps

  1. Identify all sensitive values
  2. Choose appropriate secure storage method
  3. Update Terraform code to reference secured values
  4. Update documentation with instructions for value management
  5. Add necessary files to .gitignore

Note

Implementation method choice should align with existing infrastructure and security requirements.
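
An added example for the first of the next steps (identifying the hardcoded values), not part of the original issue or the repository's code: a small scanner that flags the four value types listed above in Terraform source. The sample input is constructed, and the attribute names used to spot bucket and domain values (`bucket`, `aliases`, `domain_name`) are assumptions about how the configuration is written.

```python
import re

# Constructed sample standing in for a .tf file; all values are placeholders.
SAMPLE_TF = '''\
resource "aws_s3_bucket" "site" {
  bucket = "example-site-assets"
}
resource "aws_s3_bucket" "logs" {
  bucket = var.log_bucket_name
}
resource "aws_cloudfront_distribution" "cdn" {
  aliases = ["www.example.com"]
  viewer_certificate {
    acm_certificate_arn = "arn:aws:acm:us-east-1:111122223333:certificate/0a1b2c3d-1111-2222-3333-0a1b2c3d4e5f"
  }
}
'''

# One pattern per value type named in the issue. Bucket and domain values have
# no fixed shape, so they are matched by attribute name (names assumed here).
PATTERNS = {
    "acm_certificate_arn": re.compile(r'"(arn:aws[\w-]*:acm:[\w-]+:\d{12}:certificate/[\w-]+)"'),
    "aws_account_id": re.compile(r'(?<![\w-])(\d{12})(?![\w-])'),
    "bucket_name": re.compile(r'\bbucket\s*=\s*"([^"$]+)"'),
    "domain_name": re.compile(r'\b(?:aliases|domain_name)\s*=[^#]*?"([a-z0-9.-]+\.[a-z]{2,})"'),
}

def scan_terraform(text):
    """Return (line_number, kind, value) for each hardcoded literal found."""
    findings = []
    # Comments are scanned too: a value in a comment is still in version control.
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, kind, match.group(1)))
    return findings

def summarize(findings):
    """Count findings per kind so a CI job can fail when any count is non-zero."""
    counts = {}
    for _, kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    for lineno, kind, value in scan_terraform(SAMPLE_TF):
        print(f"line {lineno}: {kind}: {value}")
```

A line that already references `var.` or a data source produces no finding, so the same scan can be rerun after the values are moved to confirm nothing was missed. Only the first quoted domain on a line is reported.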
