Unique password generation
Currently, password are Gitlab CI variables to be pushed as scaleway instances credentials. This means they are stored in plain which is not a good practice.
To fix this we must :
- Generate a random password for the user, this could prevent weak and non-complex passwords.
- Execute Terraform and modify scaleway user-data containing the password.
- Use
sed
to set the new password in service configuration scripts. - Reload the services.
This could be done in the form of a job, applied only when the user ask for access.
EDIT :
Also add a possibility to replay the password generation in case of leaks.
Edited by Nathan RODET