
Improve Password Security: Generate 128-bit Entropy Passwords and Enable Password Rotation #241

Closed
ann8ty opened this issue Nov 25, 2024 · 2 comments

Comments

@ann8ty

ann8ty commented Nov 25, 2024

Issue

We recently encountered a limitation with password generation during our implementation process. While using TimescaleDB version 1.11.0 and Terraform 1.7 (we are now on version 1.12.0 and Terraform 1.9.8), we created a new timescale_service, and passwords were automatically generated for it.

However, upon review, we found that these passwords:

  1. Are 16 characters long and simple in structure.
  2. Have an estimated 48 bits of entropy, which does not meet modern security requirements.

To enhance user security, we kindly request the following improvements:

1. Generate Stronger Passwords by Default:

Automatically generate passwords with at least 128 bits of entropy. This would significantly improve resistance to brute-force attacks and align with best practices for modern cryptographic security.

2. Enable Password Rotation:

Allow users to rotate passwords seamlessly for existing timescale_service instances. This feature would benefit all users by enabling them to improve password security without disrupting operations.

Benefits

  1. Improved Security: Higher entropy passwords reduce vulnerability to brute-force attacks.
  2. Compliance Alignment: Helps organizations meet strict password policies and regulatory requirements.
  3. Enhanced User Trust: Security-conscious users will feel more confident using TimescaleDB for sensitive workloads.

Related Issue: #210

@minkimipt
Contributor

Hello @ann8ty. The version of the provider that you are running allows you to control the password of your service from the Terraform configuration. The issue that you linked contains the commit that enabled that feature for the provider. You are free to enforce any password policy that works for you.
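The following is an added example, not code from this issue, the provider's documentation, or the maintainers: it shows how a user can enforce the two requests above (a password with at least 128 bits of entropy, and a way to rotate it) in their own Terraform configuration, using the `hashicorp/random` provider to generate the secret and passing it to the service. The `password` argument on `timescale_service`, the service sizing arguments (`milli_cpu`, `memory_gb`, `region_code`), and the special-character set are assumptions for illustration; check them against the provider version you run.

```hcl
terraform {
  required_providers {
    random    = { source = "hashicorp/random" }
    timescale = { source = "timescale/timescale" }   # assumed provider source
  }
}

locals {
  # Assumed special-character set; random_password draws uniformly from
  # lower + upper + digits + these characters.
  special_chars = "!@#$%^&*()-_=+"
  alphabet_size = 26 + 26 + 10 + length(local.special_chars)   # 76 symbols

  # A uniformly random password of n symbols from an alphabet of size k
  # carries n * log2(k) bits of entropy. Solve for the shortest n that
  # reaches the target; for a 76-symbol alphabet this is 21 characters.
  target_bits     = 128
  password_length = ceil(local.target_bits / log(local.alphabet_size, 2))
}

# Rotation trigger: change this value (a date, ticket number, etc.) and the
# next `terraform apply` generates a fresh password and updates the service.
variable "password_rotation" {
  description = "Opaque value; changing it forces a new service password."
  type        = string
  default     = "2024-11-26"
}

resource "random_password" "service" {
  length           = local.password_length
  special          = true
  override_special = local.special_chars

  # Composition rules satisfy typical policies; note they slightly reduce
  # entropy below the uniform n*log2(k) estimate, which is why the length
  # is sized to the target rather than exactly at it.
  min_lower   = 1
  min_upper   = 1
  min_numeric = 1
  min_special = 1

  keepers = {
    rotation = var.password_rotation
  }
}

resource "timescale_service" "example" {
  name        = "example"
  milli_cpu   = 500          # assumed argument
  memory_gb   = 2            # assumed argument
  region_code = "us-east-1"  # assumed argument

  # Assumed attribute name: the feature referenced in #210 lets the
  # configuration set the service password instead of accepting a
  # provider-generated one.
  password = random_password.service.result
}

output "service_password" {
  value     = random_password.service.result
  sensitive = true
}
```

Two caveats a practitioner should keep in mind: `random_password.result` is stored in plaintext in the Terraform state, so the state backend needs the same protection as the credential itself (encrypted storage, restricted access); and rotating via `keepers` replaces the password in one apply, so any consumer that reads it from state or an output must be updated in the same run or it will be locked out.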

@ann8ty
Author

ann8ty commented Nov 26, 2024

@minkimipt thanks for clarifying that, it was not evident!

@Khyme Khyme closed this as completed Dec 11, 2024