Transfer of sensitive data in terraform files over the network

Iwant2learn · February 15, 2021, 3:50pm

Hello,I very recently started using open source version of terraform and currently exploring the various modes of securing my terraform infrastructure.

I failed to find information on transfer of sensitive data in terraform files over the network.

for ex. if the endpoint is vcenter and I am using vsphere provider, are the login credentials sent in plain text to vcenter server or does terraform encrypt them ?

or say, the passwords defined to connect to a database, how is it sent to the database over the network ?

Appreciate the guidance offered on this forum.

Thank you.

stuart-c · February 17, 2021, 10:35pm

If your vCenter is using TLS and Terraform is configured to use that any credentials would be protected during transit. The same would be true if your database is using TLS with Terraform configured to use it.

If you configure Terraform to communicate with anything using plain HTTP or similar non encrypted protocol you would have no protection of passwords over the network.

This is not specific to Terraform. It is good practice to use TLS (e.g. https:// URLs) wherever possible to ensure data going over the network is protected.

Topic		Replies	Views
What is the best practice to pass passwords and sensitive data inputs to terraform? Terraform	0	299	August 11, 2020
Feedback needed: TF plan security Terraform	3	559	November 11, 2020
How can I verify that the communication between client library and upstream APIs is taking place securely or not Terraform	9	288	February 6, 2023
Passwords/Sensitive data in TfState files Terraform	2	4221	August 21, 2019
How does terraform communicate with AWS? AWS	1	347	January 18, 2020

Transfer of sensitive data in terraform files over the network

Related topics