cloud-docs: Update HCP TF security model #803
Open
+10
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
rkoron007
approved these changes
Dec 19, 2024
| @@ -116,6 +116,16 @@ Marking a variable as “sensitive” will prevent it from being displayed in th | |||
|
|
|||
| The logs from a Terraform plan or apply operation are visible to any user with at least “read” level access in the associated workspace. While Terraform tries to avoid writing sensitive information to logs, redactions are best-effort. This feature should not be treated as a security boundary, but instead as a mechanism to mitigate accidental exposure. Additionally, HCP Terraform is unable to protect against malicious users who attempt to use Terraform logs to exfiltrate sensitive data. | |||
|
|
|||
| ### Redaction of ephemeral values in Terraform logs | |||
There was a problem hiding this comment.
Suggested change
| ### Redaction of ephemeral values in Terraform logs | |
| ### Redact ephemeral values from Terraform logs |
| @@ -116,6 +116,16 @@ Marking a variable as “sensitive” will prevent it from being displayed in th | |||
|
|
|||
| The logs from a Terraform plan or apply operation are visible to any user with at least “read” level access in the associated workspace. While Terraform tries to avoid writing sensitive information to logs, redactions are best-effort. This feature should not be treated as a security boundary, but instead as a mechanism to mitigate accidental exposure. Additionally, HCP Terraform is unable to protect against malicious users who attempt to use Terraform logs to exfiltrate sensitive data. | |||
|
|
|||
| ### Redaction of ephemeral values in Terraform logs | |||
|
|
|||
| The logs from a Terraform plan or apply operation are visible to any user with at least “read” level access in the associated workspace. Terraform tries to avoid writing ephemeral values to logs | |||
There was a problem hiding this comment.
Suggest adding a link to ephemeral values so folks can learn more:
Suggested change
| The logs from a Terraform plan or apply operation are visible to any user with at least “read” level access in the associated workspace. Terraform tries to avoid writing ephemeral values to logs | |
| The logs from a Terraform plan or apply operation are visible to any workspace's users with **Read** permissions. Terraform attempts to avoid writing [ephemeral values](/terraform/language/resources/ephemeral) to logs, but Terraform cannot guarantee that all providers will not log ephemeral values. |
| ### Redaction of ephemeral values in Terraform logs | ||
|
|
||
| The logs from a Terraform plan or apply operation are visible to any user with at least “read” level access in the associated workspace. Terraform tries to avoid writing ephemeral values to logs | ||
| and provider developers are discouraged from logging those as well but Terraform cannot provide guarantees that providers will not log ephemeral values. |
There was a problem hiding this comment.
If you like the suggestion above, this is just a reminder to remove this line:
Suggested change
| and provider developers are discouraged from logging those as well but Terraform cannot provide guarantees that providers will not log ephemeral values. |
|
|
||
| The logs from a Terraform plan or apply operation are visible to any user with at least “read” level access in the associated workspace. Terraform tries to avoid writing ephemeral values to logs | ||
| and provider developers are discouraged from logging those as well but Terraform cannot provide guarantees that providers will not log ephemeral values. | ||
| You can reduce the risk by only [using trusted modules and providers within Terraform configuration](#malicious-terraform-providers-or-modules). |
There was a problem hiding this comment.
Can you specify what they are reducing the risk of?
| and provider developers are discouraged from logging those as well but Terraform cannot provide guarantees that providers will not log ephemeral values. | ||
| You can reduce the risk by only [using trusted modules and providers within Terraform configuration](#malicious-terraform-providers-or-modules). | ||
|
|
||
| ### Redaction of ephemeral values in memory |
There was a problem hiding this comment.
Suggested change
| ### Redaction of ephemeral values in memory | |
| ### Redact ephemeral values in memory |
|
|
||
| ### Redaction of ephemeral values in memory | ||
|
|
||
| Ephemeral Values prevents values from being persisted to disk (as part of a plan file or state file) but no efforts are made to protect ephemeral values from memory analysis of the running application. |
There was a problem hiding this comment.
Is there any recommendation we can give to folks here? Is this something they need to worry about? Or more like something we are giving them a heads-up about?
Suggested change
| Ephemeral Values prevents values from being persisted to disk (as part of a plan file or state file) but no efforts are made to protect ephemeral values from memory analysis of the running application. | |
| Terraform does not persist ephemeral values to plan or state files. However, Terraform does not protect ephemeral values from a memory analysis of your running application. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added a few clarifications in the security/threat model concerning ephemeral values, as released recently in 1.10.