feat!: add redis TLS support #60
Thanks for the PR! 🚀
LGTM thanks for adding the test!
variables.tf
Outdated
variable "transit_encryption_mode" { | ||
description = "The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance." | ||
type = string | ||
default = "DISABLED" |
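Review bot: the `description` on `transit_encryption_mode` does not list the values the variable accepts, and the `type = string` declaration has no `validation` block, so a mistyped mode is only caught when the API rejects it. Name the accepted modes in the description, add a `validation` block that checks the value against them, and fix the capitalisation after the comma in "instance, If not provided". Since `default = "DISABLED"` makes in-transit encryption opt-in, the README entry for this variable should say so as well.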
This seems like something we should enable by default with a breaking release although there are some performance caveats.
/cc @morgante
I agree, we should cut a breaking change for this. It looks more secure.
Enable redis_auth as well?
Probably not. For auth, I think IAM is better.
This feature requires the Certificate Authorities (CA) that are used to verify the identity of the server, see: https://cloud.google.com/memorystore/docs/redis/in-transit-encryption
I think the output should include the cert so I can, say, save it in Secret Manager for use by a VM or Container.
I might be able to fork and implement the CA feature at some future time, but not for a few weeks at least. Should I open a new issue or PR to change the default to "DISABLED" for now?
Thank you for your work on the modules by the way, they have been very helpful!
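The request in the comment above (expose the server CA so clients can verify the instance, and keep a copy in Secret Manager) could look like the following in plain Terraform. This is an added example, not code from this PR or module: the resource names, instance name, region and secret ID are constructed, and the `replication { auto {} }` syntax assumes a recent google provider (5.x or later).

```hcl
# Added example: resource names, region and secret_id are constructed placeholders.

# Redis instance with in-transit encryption turned on.
resource "google_redis_instance" "example" {
  name                    = "tls-example"
  region                  = "us-central1"
  memory_size_gb          = 1
  transit_encryption_mode = "SERVER_AUTHENTICATION"
}

# The provider exports the CA certificates that signed the server certificate.
# Clients need them in their trust store to verify the server's identity.
output "server_ca_certs" {
  description = "PEM-encoded CA certificates for verifying the Redis server"
  value       = [for c in google_redis_instance.example.server_ca_certs : c.cert]
}

# Expiry times, so rotation can be monitored before clients start failing.
output "server_ca_cert_expiry" {
  description = "Expiry time of each server CA certificate"
  value       = [for c in google_redis_instance.example.server_ca_certs : c.expire_time]
}

# Copy of the CA bundle in Secret Manager for VMs or containers to fetch.
resource "google_secret_manager_secret" "redis_ca" {
  secret_id = "redis-server-ca"

  replication {
    auto {} # assumption: google provider 5.x+; older versions use `automatic = true`
  }
}

resource "google_secret_manager_secret_version" "redis_ca" {
  secret = google_secret_manager_secret.redis_ca.id

  # All CA certs are concatenated into one bundle so that clients keep working
  # while an old and a new CA are both valid during rotation.
  secret_data = join("\n", [
    for c in google_redis_instance.example.server_ca_certs : c.cert
  ])
}
```

A client then loads the bundle as its CA file and connects with certificate verification enabled rather than skipping verification.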
Open an issue please. I might be able to get to it today.
Wow, blown away by the help. Let me know if I can contribute anything to follow up (docs, testing). Cheers!
@bharathkkb @morgante good to go on this? Would like to close out this week so I can use it next week.
No description provided.