Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

random_bytes resource does not explicitly mention being "sufficiently random for cryptographic use" #529

Closed
1 task done
clatour opened this issue Feb 7, 2024 · 2 comments
Closed
1 task done

random_bytes resource does not explicitly mention being "sufficiently random for cryptographic use" #529

clatour opened this issue Feb 7, 2024 · 2 comments
Labels
enhancement

Comments

@clatour
Copy link

clatour commented Feb 7, 2024

Terraform CLI and Provider Versions

terraform-provider-random v3.6.0

Use Cases or Problem Statement

random_bytes documentation does not specifically mention being cryptographically random.

The index-level documentation for this provider mentions:

Unless otherwise stated within the documentation of a specific resource, this provider's results are not sufficiently random for cryptographic use.

Proposal

Upon inspection of the random_bytes resource, the source of bytes is coming from crypto/rand#Read and should be sufficiently random for cryptographic use -- according to the index, the resource should mention that.

The random_bytes resource being based on random_id implied this, but it would be preferable that the documentation be explicit.

How much impact is this issue causing?

Low

Additional Information

Resource added in #494

Code of Conduct

  • I agree to follow this project's Code of Conduct
@austinvalle
Copy link
Member

Duplicate of #528

@austinvalle austinvalle marked this as a duplicate of #528 Feb 9, 2024
@austinvalle austinvalle closed this as not planned Won't fix, can't repro, duplicate, stale Feb 9, 2024
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@clatour @austinvalle