Skip to content

docs(http backend): warn against using skip_cert_verification in production; surface mTLS alternatives #983

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs(http backend): warn against using skip_cert_verification in production; surface mTLS alternatives #983

wants to merge 1 commit into from

Conversation

youming1970
Copy link

Docs-only hardening; no behavior change.

  • Add a visible warning that skip_cert_verification disables TLS verification and is not appropriate for production.
  • Point readers to mTLS options already supported by the HTTP backend (client_certificate_pem, client_private_key_pem, client_ca_certificate_pem).
  • Nudge readers to use proper trust configuration and to handle secrets per "Credentials and Sensitive Data".

Related to hashicorp/terraform#37568.

@youming1970 youming1970 requested review from a team as code owners September 23, 2025 14:26
@hashicorp-cla-app HashiCorp CLA App
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

1 similar comment
@hashicorp-cla-app HashiCorp CLA App
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 23, 2025
edited
Loading

Vercel Previews Deployed

Name Status Preview Updated (UTC)
Dev Portal ✅ Ready (Inspect) Visit Preview Tue Sep 23 14:46:06 UTC 2025
Unified Docs API ✅ Ready (Inspect) Visit Preview Tue Sep 23 14:40:14 UTC 2025

@github-actions GitHub Actions
Copy link

Broken Link Checker

No broken links found! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Terraform CE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@youming1970