Skip to content

fix(mnq): mark field 'file' as sensitive #2790

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 31, 2024
Merged

fix(mnq): mark field 'file' as sensitive #2790

merged 1 commit into from
Oct 31, 2024

Conversation

@ojroques
Copy link
Contributor

@ojroques ojroques commented Oct 31, 2024

Currently, when creating NATS credentials, the field 'file' is not marked as sensitive. While it does not cause issue during creation since this value is not yet computed, it causes issue during deletion where the secret is leaked:

  # scaleway_mnq_nats_credentials.key-manager will be destroyed
  # (because scaleway_mnq_nats_credentials.key-manager is not in configuration)
  - resource "scaleway_mnq_nats_credentials" "key-manager" {
      - account_id = (sensitive value) -> null
      - file       = <<-EOT
            -----BEGIN NATS USER JWT-----
             XXX REDACTED XXX
            ------END NATS USER JWT------

            ************************* IMPORTANT *************************
            NKEY Seed printed below can be used to sign and prove identity.
            NKEYs are sensitive and should be treated as secrets.

            -----BEGIN USER NKEY SEED-----
            XXX REDACTED XXX
            ------END USER NKEY SEED------

            *************************************************************
        EOT -> null
      - id         = "REDACTED" -> null
      - name       = "key-manager.fr-srr.nats" -> null
      - region     = "fr-srr" -> null
    }

@ojroques ojroques requested a review from Codelax as a code owner October 31, 2024 09:46
@github-actions github-actions bot added the mnq Messaging and queuing issues, bugs and feature requests label Oct 31, 2024
@remyleone remyleone added this pull request to the merge queue Oct 31, 2024
Merged via the queue into master with commit 5f2699c Oct 31, 2024
44 checks passed
@remyleone remyleone deleted the feat/nats-credentials-sensitive branch October 31, 2024 10:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@remyleone remyleone remyleone approved these changes

@Codelax Codelax Awaiting requested review from Codelax

Assignees

No one assigned

Labels

mnq Messaging and queuing issues, bugs and feature requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ojroques @remyleone