Vagrant Security Concerns
Databases typically contain information whose access should be restricted. For this reason, it is worth discussing some security concerns that Vagrant users should be aware of.
Access to the Box
By default, machines are only accessible from the local host. SSH access uses randomly generated key pairs, and is therefore secure.
The password for root and vagrant is "vagrant" by default. Consider changing it.
Synced Folders
By default, the project folder in the host system is shared with the machine, which sees it as /vagrant. This means that whoever has access to the project folder also has read and write access to the synced folder. If this is a problem, make sure to properly restrict access to the synced folder.
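The following Vagrantfile addresses the two defaults described above, the "vagrant" password and the /vagrant synced folder. It is an added example, not part of the original page; the helper name harden, the constant ROTATE_PASSWORDS and the box name are placeholders, and it assumes a Linux guest that provides chpasswd and base64.

```ruby
# Vagrantfile (added example, not from the original page).
# Assumption: a Linux guest that provides chpasswd and base64.

# Shell script run as root inside the guest by the shell provisioner.
# It replaces the default "vagrant" password of both accounts with a
# random value that is never stored. Key-based SSH login is not affected.
ROTATE_PASSWORDS = <<~'SHELL'
  set -eu
  for account in root vagrant; do
    printf '%s:%s\n' "$account" "$(head -c 24 /dev/urandom | base64)" | chpasswd
  done
SHELL

# Hypothetical helper: applies both settings to a Vagrant config object.
def harden(config)
  # Do not share the host's project folder with the guest as /vagrant.
  config.vm.synced_folder ".", "/vagrant", disabled: true
  # The shell provisioner runs on the first `vagrant up` and on every
  # `vagrant provision`, so the passwords are re-randomized each time.
  config.vm.provision "shell", inline: ROTATE_PASSWORDS
end

# Under plain Ruby the Vagrant constant is absent and nothing is configured.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box = "example/box" # placeholder box name
    harden(config)
  end
end
```

If the guest still needs files from the host, share a dedicated directory with restrictive host permissions instead of the whole project folder.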
Reporting Security Bugs
Note that security bugs are not reported as normal bugs. Information about security bugs is not public. See Security at HashiCorp for the details.
Content initially contributed by Vettabase Ltd.