Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TF Plan security: Plan artifact in GitHub is not encrypted #1247

Closed
chvima opened this issue Mar 5, 2024 · 1 comment
Closed

TF Plan security: Plan artifact in GitHub is not encrypted #1247

chvima opened this issue Mar 5, 2024 · 1 comment

Comments

@chvima
Copy link
Contributor

chvima commented Mar 5, 2024

Using v 0.4.6. Configuration of digger action - upload-plan-destination: github.

Issue: Plan artifact in Github is accessible to everyone who has read access on the repository (this is not configurable on GitHub). Terraform plan binary file can contain sensitive values and shouldn't be accessible to all users.

Suggestion for solution: Implement encryption of the file before storing it to artifacts. It can be either password protected zip file (that the plan is currently in) or file encryption on top of it.
@chvima chvima changed the title Plan artifact in GitHub security issue - implement encryption TF Plan security: Plan artifact in GitHub is unencrypted- implement encryption Mar 8, 2024
@chvima chvima changed the title TF Plan security: Plan artifact in GitHub is unencrypted- implement encryption TF Plan security: Plan artifact in GitHub is not encrypted Mar 8, 2024
@chvima
Copy link
Contributor Author

chvima commented Apr 11, 2024

Closing as this is duplicate of #817

@chvima chvima closed this as completed Apr 11, 2024
@ZIJ ZIJ mentioned this issue Jul 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chvima