
Comments (9)

geekofalltrades commented on September 13, 2024 9

FYI, random_id seems to do all of this.

I was using it to generate a 32-byte random etcd encryption key for Kubernetes like so:

# https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#encrypting-your-data
resource "random_id" "etcd_encryption_key" {
  byte_length = 32
}

output "etcd_encryption_key" {
  value = "${random_id.etcd_encryption_key.b64_std}"
}

Unfortunately the value ends up getting printed to the console during state refresh, which isn't great if you're treating it as secret. I opened #66 for that.

from terraform-provider-random.

yinzara commented on September 13, 2024 8

The only issue with random_id is that the output cannot be marked as sensitive even though it's generally being used to generate cryptography keys.


edjackson-wf commented on September 13, 2024 6

Just found #66 where the idea of making random_id sensitive was rejected because it's outside the scope of "intended use."

This seems short-sighted to me. There are plenty of legitimate use cases for generating a TF-managed bunch of random bytes securely, and people are either going to use this despite the risks, or spend a bunch of time hacking together inferior solutions.

It looks like #272 would address the issue. 🤞


Socolin commented on September 13, 2024 4

To anyone looking for this, I published the provider in the PR in a separate provider.

https://registry.terraform.io/providers/Socolin/randombyte/latest

resource "randombyte_bytes" "name" {
    length = 64
}


deitch commented on September 13, 2024

I realize that using random_integer that way is not really useful. An alternative might be to use random_integer 16 times, but that still gives a difficult-to-manage result, and appears to use math/rand rather than crypto/rand (unlike uuid and string):

provider "random"{}

resource "random_integer" test {
  count = 16
  min = 1
  max = 256
}

output "int" {
  value = "${random_integer.test.*.result}"
}

The output is not easy to work with in HCL, either. Plenty easy in Go though. :-)


deitch commented on September 13, 2024

I managed to do this. I don't love it, would be nice if it were a basic resource.

provider "random"{}

resource "random_string" test {
  length = 16
  override_special = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
}

output "string" {
  value = "'${base64encode(random_string.test.result)}'"
}

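Added example (Go, not code from this thread or from the provider): generating a key with crypto/rand and checking that a base64 value decodes to the intended number of bytes. It also shows what happens to 16 characters in the range 0x00-0xff when they are UTF-8 encoded before base64, which is how Terraform's base64encode treats strings. NewKey, EncodeKey, EncodeChars and CheckKey are names invented for this example, and the sample characters are constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// NewKey returns n bytes from the OS CSPRNG (crypto/rand, not math/rand).
func NewKey(n int) ([]byte, error) {
	key := make([]byte, n)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncodeKey base64-encodes raw key bytes with the standard alphabet.
func EncodeKey(key []byte) string { return base64.StdEncoding.EncodeToString(key) }

// EncodeChars base64-encodes a sequence of code points the way a
// Unicode-string language does: UTF-8 first, then base64.
func EncodeChars(points []rune) string { return EncodeKey([]byte(string(points))) }

// CheckKey decodes a standard-base64 key and verifies its decoded length.
func CheckKey(b64 string, want int) error {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return fmt.Errorf("not valid base64: %w", err)
	}
	if len(raw) != want {
		return fmt.Errorf("decoded key is %d bytes, want %d", len(raw), want)
	}
	return nil
}

func main() {
	key, err := NewKey(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("32 raw bytes:", CheckKey(EncodeKey(key), 32))

	// Constructed sample: 16 "characters" in 0x00-0xff, eight of them >= 0x80.
	chars := []rune{0x00, 0x41, 0x7f, 0x80, 0xff, 0x10, 0x9c, 0xe3, 0x20, 0xa0, 0x7e, 0xc8, 0x01, 0xfe, 0x55, 0xb7}
	fmt.Println("16 chars as key:", CheckKey(EncodeChars(chars), 16))
}
```

Every code point at or above 0x80 becomes two bytes in UTF-8, so the second check reports 24 bytes rather than 16; a length check like CheckKey catches this before the value is used as a fixed-size key.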

deitch commented on September 13, 2024

Funny, I didn't find that before. Is it new for 0.12?


VilleSalonen commented on September 13, 2024

This would be a great addition. Now we have to generate truly random bytes, convert those to base64 and manually store them as secrets. This is cumbersome and people might cut corners and either generate insufficiently random passwords or expose the secret when doing the manual copying.

If having a random_id being secret is indeed outside the scope of intended use, could we please have #272 merged to have a new random_bytes resource?


github-actions commented on September 13, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
