Best Security Practices for Terraform Psychz Provider
Publisher: Psychz Networks, July 01, 2024
At Psychz Networks, security is our paramount concern. In this guide, we not only share the robust security measures we’ve implemented but also provide actionable steps for enhancing security while deploying the server using Terraform.
Password Masking
Passwords are masked at all points and never appear on screen in output. During input, the value is indicated as "Sensitive Value", and when users type a password in the terminal it remains hidden (displayed as blanks). This prevents accidental exposure of sensitive data.
Pre-Feed Order Details Using .tfvars
Terraform can read input values from a `.tfvars` file passed on the command line. You can pre-feed all the required values in this file so that Terraform does not prompt for them during the apply step, and deploy the server without entering any data in real time. Open the `.tfvars` file using the following command:
vim order_express.tfvars
Sample File Contents
plan_id = 1
os_cat = 2
os_id = 3
disk_partition_id = 4
payment_mode = 1
software_raid = 1234
hostname = "Terrafmtest"
password = "Helloworld@123"
partner_id = 0
enforce_password_change = 0
order_quantity = 1
Note: hostname and password are strings, so their values must be enclosed in double quotes (" ").
Now execute the following command to deploy the server:
terraform apply -var-file=order_express.tfvars
You will only be prompted for `auth_method` and `private_key`.
Storing Passwords in System Files
You can also store the desired password in a system file such as `.bashrc` by exporting it as an environment variable. Values set this way are not prompted for during the apply step; they are fetched automatically from the system file at execution time. Here's how to add the password:
vim ~/.bashrc
Add the following line at the bottom of the file:
export TF_VAR_password="Enter_Your_Password"
Save the file and exit the editor. To apply the changes, source the file using the following command:
source ~/.bashrc
Using the above security measures, you can rest assured that while deploying a server using Terraform, your sensitive information, like passwords, will be securely handled. By storing such values in a system file and automatically fetching them during execution, you enhance the security and efficiency of your deployment process.
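Both `order_express.tfvars` and `~/.bashrc` hold the password in plaintext, so their file mode and version-control status decide who else can read it. The script below is an added example, not Psychz Networks' code: it flags either file when it contains a password entry and is accessible to group/others or could be committed to git. The function names are hypothetical, and the git check assumes `git` is installed (it is skipped otherwise).

```shell
#!/bin/sh
# Added example, not Psychz Networks code. Function names are hypothetical;
# the file names and the TF_VAR_password variable come from the guide.

# 0 if the file assigns a password: a tfvars entry (password = "...")
# or an exported TF_VAR_password line as added to ~/.bashrc.
holds_password() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+TF_VAR_password|password)[[:space:]]*=' "$1"
}

# 0 if group and others have no permission bits (for example mode 600).
# Characters 5-10 of the ls mode string are the group and other bits.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# 0 if the file is in a git work tree and not ignored, so it could be
# committed with the password in it. 1 if git is absent or no repo is found.
git_could_commit() {
    dir=$(dirname "$1")
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 1
    ! git -C "$dir" check-ignore -q -- "$(basename "$1")"
}

# Audit one file. Returns 0 = nothing to fix, 1 = finding, 2 = file missing.
audit_secret_file() {
    path=$1
    findings=0
    [ -f "$path" ] || { echo "skip: $path not found"; return 2; }
    holds_password "$path" || { echo "ok:   $path has no password entry"; return 0; }
    if ! is_private "$path"; then
        echo "WARN: $path holds a password and is accessible to group/others (chmod 600)"
        findings=1
    fi
    if git_could_commit "$path"; then
        echo "WARN: $path holds a password and is not ignored by git"
        findings=1
    fi
    [ "$findings" -eq 0 ] && echo "ok:   $path holds a password, owner-only, not committable"
    return "$findings"
}

# Usage: sh audit_secrets.sh order_express.tfvars ~/.bashrc
for f in "$@"; do
    audit_secret_file "$f" || true
done
```

On many systems `~/.bashrc` is created with mode 644, so the audit is worth running after adding the `TF_VAR_password` line.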