-
Hi @sandstrom could you please open this as an issue?
-
A workflow like this would be great:
The benefit with this approach is that third-party services such as Spacelift, Env0 and the others can provide a great UI and workflow, but don't have to be trusted. If they are hacked, no access is lost.
It's similar to other efforts in secure development, where the CI/CD flow shouldn't necessarily be trusted, and instead cryptographic guarantees should be used (https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html).
I know this can also be hacked together outside of OpenTofu. But it's something that I think would be more useful if it was standardised and implemented in the CLI tooling.
Implementation details
Tracked in #1246