website: Revise sensitive data in state page
This commit is contained in:
Nick Fagerlund
Nick Fagerlund
parent
f1237f816c
commit
c0176aeab3
|
|
@ -8,41 +8,33 @@ description: |-
|
|||
|
||||
# Sensitive Data in State
|
||||
|
||||
Terraform state can contain sensitive data depending on the resources in-use
|
||||
Terraform state can contain sensitive data, depending on the resources in use
|
||||
and your definition of "sensitive." The state contains resource IDs and all
|
||||
resource attributes. For resources such as databases, this may contain initial
|
||||
passwords.
|
||||
|
||||
When using local state, state is stored in plain-text JSON files. When
|
||||
using [remote state](/docs/state/remote.html), state is only ever held in memory when used by Terraform.
|
||||
It may be encrypted at rest but this depends on the specific remote state
|
||||
backend.
|
||||
When using local state, state is stored in plain-text JSON files.
|
||||
|
||||
It is important to keep this in mind if you do (or plan to) store sensitive
|
||||
data (e.g. database passwords, user passwords, private keys) as it may affect
|
||||
the risk of exposure of such sensitive data.
|
||||
When using [remote state](/docs/state/remote.html), state is only ever held in
|
||||
memory when used by Terraform. It may be encrypted at rest, but this depends on
|
||||
the specific remote state backend.
|
||||
|
||||
## Recommendations
|
||||
|
||||
Storing state remotely may provide you encryption at rest depending on the
|
||||
backend you choose. As of Terraform 0.9, Terraform will only hold the state
|
||||
value in memory when remote state is in use. It is never explicitly persisted
|
||||
to disk.
|
||||
If you manage any sensitive data with Terraform (like database passwords, user
|
||||
passwords, or private keys), treat the state itself as sensitive data.
|
||||
|
||||
For example, encryption at rest can be enabled with the S3 backend and IAM
|
||||
policies and logging can be used to identify any invalid access. Requests for
|
||||
the state go over a TLS connection.
|
||||
Storing state remotely can provide better security. As of Terraform 0.9,
|
||||
Terraform does not persist state to the local disk when remote state is in use,
|
||||
and some backends can be configured to encrypt the state data at rest.
|
||||
|
||||
[Terraform Cloud](https://www.hashicorp.com/products/terraform/) is
|
||||
a commercial product from HashiCorp that also acts as a [backend](/docs/backends)
|
||||
and provides encryption at rest for state. Terraform Cloud also knows
|
||||
the identity of the user requesting state and maintains a history of state
|
||||
changes. This can be used to provide access control and detect any breaches.
|
||||
For example:
|
||||
|
||||
## Future Work
|
||||
|
||||
Long term, the Terraform project wants to further improve the ability to
|
||||
secure sensitive data. There are plans to provide a
|
||||
generic mechanism for specific state attributes to be encrypted or even
|
||||
completely omitted from the state. These do not exist yet except on a
|
||||
resource-by-resource basis if documented.
|
||||
- [Terraform Cloud](/docs/cloud/index.html) always encrypts state at rest and
|
||||
protects it with TLS in transit. Terraform Cloud also knows the identity of
|
||||
the user requesting state and maintains a history of state changes. This can
|
||||
be used to control access and track activity. [Terraform Enterprise](/docs/enterprise/index.html)
|
||||
also supports detailed audit logging.
|
||||
- The S3 backend supports encryption at rest when the `encrypt` option is
|
||||
enabled. IAM policies and logging can be used to identify any invalid access.
|
||||
Requests for the state go over a TLS connection.
|
||||
|
|
|
|||
Loading…
Reference in New Issue