Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 20s
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 23s
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 37s
Code Quality & Security Scan / Terraform Validate (push) Successful in 35s
Code Quality & Security Scan / SonarQube Trigger (push) Successful in 38s
Code Quality & Security Scan / Terraform Plan (push) Failing after 25s
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Removed all hardcoded sensitive values from backend.tf:
- MinIO endpoint URL
- Bucket name
- State file key/path
- Access key and secret key

Security Improvements:
- Backend configuration now uses environment variables
- Added comprehensive documentation for backend setup
- Provided examples for both env vars and backend.hcl
- Added backend.hcl to .gitignore to prevent credential leaks
- Updated README with secure configuration instructions
- Fixed step numbering in README after adding backend config section

Backend Configuration Methods:
1. Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
2. Command-line flags during terraform init
3. Backend configuration file (backend.hcl) - now gitignored

Breaking Change:
- Users must now explicitly configure backend during terraform init
- No default backend configuration provided for security reasons

See README section 'Configure Backend (Optional)' for detailed setup instructions.
39 lines
977 B
Plaintext
# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log
crash.*.log

# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

# Ignore CLI configuration files
.terraformrc
terraform.rc

# Ignore backend configuration files that may contain credentials
backend.hcl
*.backend.hcl
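
A check for the condition the commit message describes, written as an added example (not code from this repository): it reports which sensitive settings are still assigned quoted literals inside a Terraform backend block. The `s3` backend type, the attribute names, the function names and both sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed s3-backend attribute names for the values the commit message lists.
SENSITIVE = ("endpoint", "bucket", "key", "access_key", "secret_key")
BACKEND_RE = re.compile(r'backend\s+"[^"]+"\s*\{')
ASSIGN_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')

def backend_body(hcl):
    """Return the text inside the first backend block, or None if there is none."""
    m = BACKEND_RE.search(hcl)
    if not m:
        return None
    depth, in_str, i = 1, False, m.end()
    while i < len(hcl) and depth:
        c = hcl[i]
        if in_str:
            if c == "\\":
                i += 1              # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c in "{}":
            depth += 1 if c == "{" else -1
        i += 1
    return hcl[m.end():i - 1] if depth == 0 else hcl[m.end():]

def hardcoded_backend_settings(hcl):
    """Names of sensitive backend attributes assigned a quoted literal."""
    hits = []
    for line in (backend_body(hcl) or "").splitlines():
        m = ASSIGN_RE.match(line.split("#", 1)[0])   # ignore '#' comments
        if m and m.group(1) in SENSITIVE and m.group(2).startswith('"'):
            hits.append(m.group(1))
    return hits

# Constructed sample inputs (not the repository's real files or values).
BEFORE = '''terraform {
  backend "s3" {
    endpoint   = "https://minio.example.internal:9000"
    bucket     = "example-tf-state"
    key        = "example/terraform.tfstate"
    access_key = "EXAMPLE_ACCESS_KEY"
    secret_key = "EXAMPLE_SECRET_KEY"
    region     = "us-east-1"
  }
}'''
AFTER = 'terraform {\n  backend "s3" {}\n}'
```

Run against `backend.tf` in a pre-commit hook or CI step, a non-empty result means a value has crept back into the tracked file instead of being supplied at `terraform init`.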