Comments (4)
Hi @ttangsv - thanks for the feedback. We comprehend with what you've mentioned - however, owing to a broader context of security measures being implemented, this would continue to be the case with the key of the private location. We're looking into opening a conversation with them to understand the decision better or to see if this can be reconsidered, so we can provide better context, however, this would take us time as we're juggling a couple of other issues at the moment. We shall keep you posted on this once we have an update. Thank you for understanding.
from terraform-provider-newrelic.
Hi @ttangsv, this shall continue to be the case with keys returned by Private Locations, as I've mentioned in my previous comment. We learn from Synthetics that the key would continue to be treated a sensitive field, to prevent any unauthorized use that can be led to with the key. I shall be closing this issue. Thank you for understanding.
from terraform-provider-newrelic.
Hi @ttangsv, thank you for reporting this issue. I've been working on identifying why the private location resource and data source have been returning masked keys since the recent past, while they were being returned them without any obfuscation earlier - and have discovered that it is an alteration of the backing NerdGraph API query that has led to this behaviour.
Owing to a recent security consideration made by New Relic Synthetics, it was inferred that the NerdGraph API is expected to return the key of a private location in a masked format, and this change was made - as a result of which this behaviour is seen with the private location data source and resource in the Terraform Provider, which rely on the aforementioned NerdGraph query. Upon having a word with them, we obtain that this would continue to be the case, so we would probably not be able to return the key in an unmasked format, prior to how this functioned earlier. Thank you for identifying this behaviour and letting us know about this.
from terraform-provider-newrelic.
Thank you @pranav-new-relic - I think this is an unnecessary security measure that makes automation difficult. We have automation that relies on retrieving private location keys via Terraform. The key is also stored in Hashicorp Vault through Terraform as you can see from my example above. We also automated the configuration of synthetic job manager to retrieve the key from Vault. During such process, the key is never exposed to human. This key is for PRIVATE locations which should be managed by New Relic customers. I don't understand why New Relic is taking such security measure to mask such important information from its customers. I am probably biased here and I may not see the big picture your Synthetics team sees in terms of security, but I hope they can see my use case and reconsider the decision.
from terraform-provider-newrelic.
Related Issues (20)
- CloudIntegration was not matched against all PossibleTypes: CloudAwsMsElasticacheIntegration HOT 12
- Error when executing terraform plan that there is no matching CloudIntegration. HOT 2
- interface CloudIntegration was not matched against all PossibleTypes: CloudAwsMsElasticacheIntegration HOT 3
- `newrelic_entity` Data Source: The data source does not return entity tags HOT 3
- Feature Request: Add the Ability to Add Users to Groups HOT 1
- Feature Request: Implementing resources to manage metric normalization rules HOT 1
- ⚠️ EOL Notice for the Synthetics Legacy Runtime in use with Synthetic Monitors
- Plugin crashed on v3.37.0 HOT 2
- Error: Plugin did not respond provider New Relic #2674 HOT 1
- `newrelic_notification_destination` Resource: Alert destinations are created multiple times, possibly due to retries HOT 2
- `newrelic_notification_destination` Data Source: sub-string search issue HOT 2
- Update the golden rules example to nrql query alerts HOT 3
- OpenTofu registry is missing GPG keys for this provider HOT 2
- Resource `newrelic_nrql_alert_condition`: Cannot change account ID of the resource. HOT 1
- Resource `newrelic_synthetics_monitor`: This field is deprecated! Please use `relatedEntities` instead error HOT 2
- Missing legacy provider keys in OpenTofu Registry HOT 11
- Resource to manage log views
- Resource `newrelic_one_dashboard`: Unable to add float thresholds to `widget_line` HOT 2
- Resource `newrelic_one_dashboard`: Threshold from/to defaults to 0 with `widget_line` HOT 1
- Resource `newrelic_browser_application`: Often rm only returns `application_id` on second apply HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-newrelic.