Commit 9d7d472

update intro; fix bullet nesting
1 parent ce30123 commit 9d7d472

1 file changed

+16
-12
lines changed

docs/tutorials/best-practices/security-best-practices.md

Lines changed: 16 additions & 12 deletions
@@ -1,12 +1,15 @@
1-
# Best Practices for Coder Security
1+
# Security - best practices
22

3-
December 30, 2024
3+
December 17, 2024
44

55
---
66

7-
This best practices guide is separated into parts to help you secure your Coder
8-
deployment through understanding each threat model, hardening authentication,
9-
and encryption.
7+
This best practices guide is separated into parts to help you secure aspects of
8+
your Coder deployment.
9+
10+
Each section briefly introduces each threat model, then suggests steps or
11+
concepts to help implement security improvements such as authentication and
12+
encryption.
1013

1114
As with any security guide, the steps and suggestions outlined in this document
1215
are not meant to be exhaustive and do not offer any guarantee.
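Review bot: the date on new line 3 moves backwards, from "December 30, 2024" to "December 17, 2024", and the commit message ("update intro; fix bullet nesting") does not mention a date change; please confirm which date is intended, or drop that line from this commit. In the new intro, "Each section briefly introduces each threat model" (new line 10) reads as if every section covers every threat model; "introduces its threat model" would be clearer. The rewrite also drops the word "hardening" from the old text ("hardening authentication, and encryption"), so "security improvements such as authentication and encryption" now lists controls rather than improvements; consider "such as hardening authentication and enabling encryption".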
@@ -277,16 +280,17 @@ in `.tfvars` or other files uploaded with the template.
277280
Instead do one of the following:
278281

279282
- Store secrets in a central secrets manager.
280-
- Access the secrets at build time via a Terraform provider.
281283

282-
This can be through
283-
[Vault](https://registry.terraform.io/providers/hashicorp/vault/latest/docs)
284-
or
285-
[AWS Secrets Manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret).
284+
- Access the secrets at build time via a Terraform provider.
285+
286+
This can be through
287+
[Vault](https://registry.terraform.io/providers/hashicorp/vault/latest/docs)
288+
or
289+
[AWS Secrets Manager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret).
286290

287291
- Place secrets in `TF_VAR_*` environment variables.
288-
- Provide the secrets to the relevant Provisioner Daemons and access them via
289-
Terraform variables with `sensitive = true`.
292+
- Provide the secrets to the relevant Provisioner Daemons and access them via
293+
Terraform variables with `sensitive = true`.
290294
- Use Coder parameters to accept secrets from end users at build time.
291295

292296
Coder does not attempt to obscure the contents of template files from users
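Review bot: the two nested bullets are formatted inconsistently after this change. "- Access the secrets at build time via a Terraform provider." (new line 284) is separated from its parent by the blank line at 283, while "- Provide the secrets to the relevant Provisioner Daemons ..." (new line 292) follows its parent directly, so one sub-list is loose and the other tight and they can render with different spacing. Pick one form for both. The "This can be through" paragraph (new lines 286-289) also sits after a blank line, so it needs to be indented to the nested item's content column to stay inside that bullet; please check the rendered page. Since the commit touches the `sensitive = true` line, it would be worth adding there that this flag only redacts the value from Terraform's plan and apply output, and the value is still written to state.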
