Comments (2)
snakescott
commented on June 19, 2024
After a bit more digestion I see now that it would be more natural to use the certs here as an input to an aws_iam_server_certificate, which seems straightforward to configure. Also found relevant info on security implications in http://apparently.me.uk/terraform-certificate-authority/
from terraform-provider-acme-old.
vancluever
commented on June 19, 2024
@snakescott sounds like you figured this out already but just wanted to reply on a couple of things - you are right that it's probably better to pass this to something like aws_iam_server_certificate. A common scenario would be terminating SSL on an ELB/ALB with this and passing those requests to a non-HTTPS service on your instances created with aws_instance.
Glad you found Martin's example! Aside from that, my practice for handling private data in state is to ensure it's encrypted at rest or deleted otherwise. Also mark any key outputs you have as sensitive as well so that keys are not displayed in the clear when they shouldn't be, and delete the local state cache in .terraform/terraform.tfstate when you are using remote state and don't need to have it available.
from terraform-provider-acme-old.
Related Issues (20)
- Remove OCSP post-revocation validation
- Reorganize code, update/remove old documentation HOT 1
- acme_registration: State migration
- acme_certificate: State migration
- acme_registration: Now manages "accounts" HOT 1
- acme_registration <-> acme_certificate resource relationship HOT 1
- Update CHANGELOG with relevant milestone items
- reg/cert: Ensure IDs don't change, restore resource URL attributes
- State migration smoke test HOT 2
- provider: Promote server_url to provider config variable
- resource/certificate: ID should change on renewal
- DNS provider support HOT 4
- Route53 provider timeout HOT 1
- provider.acme.server_url change not forcing a new resource HOT 1
- Plugin usage on Terraform Enterprise HOT 1
- v1.0.0 - Change from ACME staging to prod HOT 2
- Resource to generate a PKCS #12 archive file HOT 2
- Publish your PGP Fingerprint HOT 1
- Migration from dns_challenge config to environment variables config stuck in state HOT 1
- Terraform Provider Development Program HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-acme-old.