From df6b2b1de906e925fdee695074bc349a57798489 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Wed, 26 Mar 2025 15:00:05 +0000
Subject: [PATCH] Add Secret(s) Manager security risk warning messages
---
 deployment/modules/aws/tesseract/test/main.tf | 3 +++
 deployment/modules/gcp/tesseract/conformance/main.tf | 3 +++
 deployment/modules/gcp/tesseract/test/main.tf | 3 +++
 3 files changed, 9 insertions(+)
diff --git a/deployment/modules/aws/tesseract/test/main.tf b/deployment/modules/aws/tesseract/test/main.tf
index 7097200b..02cb3946 100644
--- a/deployment/modules/aws/tesseract/test/main.tf
+++ b/deployment/modules/aws/tesseract/test/main.tf
@@ -11,6 +11,9 @@ module "storage" {
 ephemeral = var.ephemeral
 }
+# [WARNING]
+# Using secrets manager does NOT guarantee the security of the signing keys.
+# There are significant security risks if the secrets are mismanaged.
 module "secretsmanager" {
 source = "../../secretsmanager"
diff --git a/deployment/modules/gcp/tesseract/conformance/main.tf b/deployment/modules/gcp/tesseract/conformance/main.tf
index e067fb60..271a39f0 100644
--- a/deployment/modules/gcp/tesseract/conformance/main.tf
+++ b/deployment/modules/gcp/tesseract/conformance/main.tf
@@ -11,6 +11,9 @@ module "storage" {
 ephemeral = true
 }
+# [WARNING]
+# Using secret manager does NOT guarantee the security of the signing keys.
+# There are significant security risks if the secrets are mismanaged.
 module "secretmanager" {
 source = "../../secretmanager"
diff --git a/deployment/modules/gcp/tesseract/test/main.tf b/deployment/modules/gcp/tesseract/test/main.tf
index bcb40b58..76e3d508 100644
--- a/deployment/modules/gcp/tesseract/test/main.tf
+++ b/deployment/modules/gcp/tesseract/test/main.tf
@@ -11,6 +11,9 @@ module "storage" {
 ephemeral = false
 }
+# [WARNING]
+# Using secret manager does NOT guarantee the security of the signing keys.
+# There are significant security risks if the secrets are mismanaged.
 module "secretmanager" {
 source = "../../secretmanager"
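Review bot: The warning added above `module "secretsmanager"` in aws/tesseract/test/main.tf, and the same text above `module "secretmanager"` in gcp/tesseract/conformance/main.tf and gcp/tesseract/test/main.tf, tells the reader that mismanagement is risky but not what mismanagement is or what to do about it. I would extend each comment with the concrete exposure and the expected control, for example `# Any principal with read access to these secrets can copy the signing key.` followed by `# Restrict and audit IAM access to the secrets; these test/conformance modules are not a hardened key-storage design.` If the referenced module also creates the key material through Terraform, which is not visible here, the comment should say that the key may end up in the Terraform state and that the state backend needs the same access restrictions. Since the module bodies continue outside the hunks and the shared `../../secretsmanager` and `../../secretmanager` modules are not part of this patch, it may also be worth putting the warning there so that every caller sees it.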