Doc | Post-deployment section: change method to get temp password #140
Conversation
rodriguez-matias
added
documentation
|
@angelofenoglio thanks for your valuable review :) |
…bashar/le-ref-architecture-doc into doc-flz-post-deployment-get-temp-passwd
| leverage terraform output -json | ||
| ``` | ||
| ``` | ||
| ... | ||
| user_natasha_romanoff_login_profile_encrypted_password = "SipVOzVtNTI0Ml...EZmJFxxQSteYQ==" | ||
| user_natasha_romanoff_name = "natasha.romanoff" | ||
| "user_natasha_romanoff_name": { | ||
| "sensitive": false, | ||
| "type": "string", | ||
| "value": "natasha.romanoff" | ||
| }, | ||
| "user_natasha_romanoff_login_profile_encrypted_password": { | ||
| "sensitive": true, | ||
| "type": "string", | ||
| "value": "wcDMAyRZJTaxw5v1AQwAy6c...............2mBIbNFxF1Tp/ilvyk8eEHvAA=" | ||
| } |
There was a problem hiding this comment.
@rodriguez-matias Matu, I'm wondering why you've changed this command with the json output instead of the original one
There was a problem hiding this comment.
@exequielrafaela with the original method, in order to get the temp credentials , we need to do:
- change the sensitive argument from true to false .
- Save the changes and then run the apply + output commands
- Then change it back again to sensitive = True
- And apply again the changes
with the output -json command we can obtain the value of the temp passwd without make any change in the code
There was a problem hiding this comment.
@rodriguez-matias I see, I think that is by design, so this seems to be some kind of workaround to skip that. But you have a good point that even if the sensitive property it's set to "True" we can skip that "secure" config.
Let's discuss this along @angelofenoglio and @diego-ojeda-binbash in order to have their feedback.
| leverage terraform output -json | ||
| ``` | ||
| ``` | ||
| ... | ||
| user_natasha_romanoff_login_profile_encrypted_password = "SipVOzVtNTI0Ml...EZmJFxxQSteYQ==" | ||
| user_natasha_romanoff_name = "natasha.romanoff" | ||
| "user_natasha_romanoff_name": { | ||
| "sensitive": false, | ||
| "type": "string", | ||
| "value": "natasha.romanoff" | ||
| }, | ||
| "user_natasha_romanoff_login_profile_encrypted_password": { | ||
| "sensitive": true, | ||
| "type": "string", | ||
| "value": "wcDMAyRZJTaxw5v1AQwAy6c...............2mBIbNFxF1Tp/ilvyk8eEHvAA=" | ||
| } |
There was a problem hiding this comment.
@rodriguez-matias I see, I think that is by design, so this seems to be some kind of workaround to skip that. But you have a good point that even if the sensitive property it's set to "True" we can skip that "secure" config.
Let's discuss this along @angelofenoglio and @diego-ojeda-binbash in order to have their feedback.
What?
For this this step it must say: Change output sensitive argument from
truetofalse, to be able to show the encrypted passwd.But then we also need add some comment to change it back again once we get the tmp passwd.
I think another better option, is to directly run the output with the --json flag like this :
leverage terraform output --jsonThis command shows you the value without the need for any code changes .
Where?
https://leverage.binbash.com.ar/first-steps/post-deployment/#get-the-temporary-password-to-access-aws-console
Change Preview