Vagrant Security Concerns

You are viewing an old version of this article. View the current version here.

Databases typically contain information whose access should be restricted. For this reason, it is worth to discuss here some security concerns that Vagrant users should be aware about.

Access to the Box

By default, machines are only accessible from the local host. SSH access uses randomly generated key pairs, and therefore it is secure.

The password for root and vagrant is "vagrant" by default. Consider changing it.

Synced Folders

By default, the project folder in the host system is shared with the machine, which sees it as /vagrant. This means that whoever has access to the project folder has also read and write access to the synced folder. If this is a problem, make sure to properly restrict the access to the synced folder.

Reporting Security Bugs

Note that security bugs are not reported as normal bugs. Information about security bugs are not public. See Security at HashiCorp for the details.


Content initially contributed by Vettabase Ltd.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.