Hi folks, this is a general question. I need some comments on this. What are the pros and cons of sharing the IaC/IaC repositories with the developers ? (Currently I don’t share it)
The only real reason I have to not share it is if you have secrets or other sensitive information stored in it.
If you have secrets in your repo that’s obviously not great and should be cleaned up.
If you want to keep architecture/networking information restricted from devs from a security standpoint there’s not really a way around that
Any particular reasons you’re not sharing it now?
I already encrypt the secrets for the environment, but wondering how other organizations do in this situations. Do they share all the repositories with there developer or not.
We share it all as i encourage the other devs to learn about how we write the IAC and how the architecture works. If they want to learn terraform its much easier to learn on existing projects.
I would not expect them to make production changes without supervision though. Changes cannot be put through without an authorized reviewer approving PRs. We still have separation my expertise, but we don’t restrict visibility.
I don’t understand your org structure if the development team doesn’t have access IaC setup, then no one does?
One reason why you might not want to share IaC stuff with your devs is on the principal of least privilege (access on a need to know basis).
Less clones of your repo, less likely it get’s leaked (to someone outside your org), as having the IaC repo would be useful to understand the topology of your infrastructure to identify vulnerabilities/weaknesses etc.
The devs are the least privileged access. If you share it with anyone outside of the devs, you are violating that
There are certainly models where the IaC is just not relevant to most development work flows. If you’ve appropriately separated the base infra from your application and deployment code, (e.g. write a few helm charts, deploy on top of k8s or similar flows), then there isn’t much use for them to have it anyway.
And given the nature of supply chain attacks, it seems that moving towards stronger least privileged models of access and visibility if its not actually needed can help (it’s certainly not the solution) reduce the attack surface at least. Of course that still leaves the operators as folks with over-privileged access, which sucks and needs to be controlled as well.
We share it with the devs. My team is a mandatory reviewer on all code and we have clear documentation around style/formatting and usage etc. Mostly they leave it to us, but sometimes they raise a PR for something they’ve identified.
