This repository has been archived by the owner on Mar 7, 2021. It is now read-only.

hide default password that's stored in plaintext in this repository #6

Open
skyfaller opened this issue Apr 15, 2020 · 0 comments

Comments

@skyfaller
Member

linode_create.yml currently has a default user password visible in plaintext in this repository. There are two barriers preventing a bad actor from exploiting this:

  • The villain would need a user's private SSH key, since we've disabled password-based login.
  • We require users to change their passwords the first time they log in, so the default password should only work on a user account that has never logged in.

That said, this is terrible practice, and we should:

  • encrypt the password in a vault
  • consider storing the password in the Ansible hosts directory, rather than in our repository
@skyfaller added enhancement and removed enhancement labels Apr 15, 2020
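
As an added example (not code from this repository), here is a pre-commit style check for the problem this issue describes. It flags credential-like keys in an Ansible YAML file whose value is a literal rather than `!vault` ciphertext or a Jinja2 reference. The sample playbook, its variable names and the key-name pattern are constructed assumptions.

```python
import re

# Heuristic: key names that suggest a credential (an assumed naming convention).
SECRET_KEY = re.compile(
    r"^\s*(?:-\s*)?(?P<key>[\w.-]*(?:password|passwd|secret|token)[\w.-]*)\s*:\s*(?P<val>.*)$",
    re.IGNORECASE)
NON_SECRET_KEYS = {"update_password"}  # matches the pattern, never holds a secret

# Constructed sample playbook, not the contents of linode_create.yml.
SAMPLE_PLAYBOOK = """\
- hosts: localhost
  vars:
    default_user_password: "changeme123"
    api_token: "{{ lookup('env', 'EXAMPLE_TOKEN') }}"
    db_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      0000placeholder0000
  tasks:
    - user:
        name: example
        password: "{{ default_user_password | password_hash('sha512') }}"
        update_password: on_create
"""

def is_protected(value: str) -> bool:
    """True when the value is not a literal secret written in the file."""
    v = value.strip()
    if not v or v.startswith(("#", "!vault")):
        return True  # nested block, comment, or inline Ansible Vault ciphertext
    bare = v.strip("\"'").strip()
    # A pure Jinja2 reference means the secret is defined elsewhere.
    return bare.startswith("{{") and bare.endswith("}}")

def find_plaintext_secrets(text: str) -> list:
    """Return (line number, key) for credential-like keys holding a literal value."""
    lines = text.splitlines()
    if lines and lines[0].startswith("$ANSIBLE_VAULT;"):
        return []  # the whole file is vault-encrypted
    hits = []
    for n, line in enumerate(lines, start=1):
        m = SECRET_KEY.match(line)
        if (m and m.group("key").lower() not in NON_SECRET_KEYS
                and not is_protected(m.group("val"))):
            hits.append((n, m.group("key")))
    return hits

if __name__ == "__main__":
    for n, key in find_plaintext_secrets(SAMPLE_PLAYBOOK):
        print(f"line {n}: {key} holds a plaintext value")
```

The check is line-based and heuristic, so a secret stored under an unrelated key name is not detected.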