fix(trufflehog): ignore pg example connection string #43
5 changed files with 8 additions and 3 deletions
|
|
@ -31,6 +31,7 @@ resource "stackit_postgresflex_instance" "this" {
|
|||
backup_schedule = "00 00 * * *"
|
||||
|
||||
acl = [
|
||||
# WARNING: Open ACL is for development only. Restrict to your specific egress IP ranges in production.
|
||||
"0.0.0.0/0"
|
||||
]
|
||||
|
||||
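Review bot: The `acl` list in this hunk still ships as `"0.0.0.0/0"`; the added comment documents the exposure, but nothing stops the configuration from being applied unchanged. This appears to be the instance that holds the Terraform state database, and state usually contains credentials in plaintext, so password authentication would be the only barrier. I would take the list from a variable with no default, `acl = var.pg_acl`, so the caller has to state the allowed ranges explicitly, optionally with a `validation` block that rejects `0.0.0.0/0`. The resource block starts and ends outside the hunk.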
|
|
|
|||
|
|
@ -22,6 +22,6 @@ locals {
|
|||
|
||||
output "pg_connection_uri" {
|
||||
description = "PostgreSQL Flex User Connection String"
|
||||
value = "postgres://${local.pg_username}:${local.pg_password}@${local.pg_host}:${local.pg_port}/${local.pg_database}?sslmode=require"
|
||||
value = "postgres://${local.pg_username}:${local.pg_password}@${local.pg_host}:${local.pg_port}/${local.pg_database}?sslmode=require" # trufflehog:ignore
|
||||
sensitive = true
|
||||
}
|
||||
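Review bot: The username and password on the `value` line are interpolated into the URI without encoding, so a password containing `@`, `:`, `/` or `?` would produce a malformed or mis-parsed connection string. The locals are defined outside the hunk, so the password's character set cannot be checked from here. Wrapping the userinfo parts as `${urlencode(local.pg_username)}:${urlencode(local.pg_password)}` avoids the problem. The `# trufflehog:ignore` suppression looks reasonable, since the line holds only interpolations and no literal secret. Keep in mind that `sensitive = true` only redacts CLI output; the assembled URI is still written to state in plaintext.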
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
stackit_organization_id = "<your-organization-id>"
|
||||
|
||||
## Name of the bootstrapping project
|
||||
stackit_project_name = "01-example-project"
|
||||
stackit_project_name = "00-bootstrap"
|
||||
|
||||
# Email address of the STACKIT user set as project owner.
|
||||
stackit_org_admin = "<your-admin@mail.com"
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ This module contains the core infrastructure configuration. It uses the `pg` bac
|
|||
1. Create a `backend.conf` file in this directory and define the connection string using the credentials generated by the bootstrap module:
|
||||
|
||||
```ini
|
||||
conn_str = "postgres://tf_state_user:<PASSWORD>@<STACKIT_INSTANCE_HOST>:5432/terraform_state?sslmode=require"
|
||||
conn_str = "postgres://tf_state_user:<PASSWORD>@<STACKIT_INSTANCE_HOST>:5432/terraform_state?sslmode=require" # trufflehog:ignore
|
||||
```
|
||||
|
||||
2. Initialize Terraform and bind it to the remote PostgreSQL backend
|
||||
|
|
|
|||
|
|
@ -6,3 +6,7 @@ To resolve the circular dependency of provisioning a state backend using Terrafo
|
|||
|
||||
1. **`00-bootstrap/`**: Provisions the backend infrastructure (PostgreSQL Flex instance, database and service user).
|
||||
2. **`01-example/`**: Represents the primary infrastructure, utilizing the provisioned PostgreSQL database as its remote backend.
|
||||
|
||||
---
|
||||
|
||||
**⚠️ Security Notice:** The PostgreSQL Flex instance in `00-bootstrap/` is configured with an open ACL (`0.0.0.0/0`) for development convenience. Before deploying to production, restrict the ACL to your specific egress IP ranges to prevent the database from being accessible via the public internet.
|
||||
|
|
|
|||