Terraform Connector documentation results in insecure install

This is regarding the guide here:

It recommends deploying the connector instance using this code:

resource "aws_instance" "twingate_connector" {
  ami           = data.aws_ami.twingate.id
  instance_type = "t3.micro"
  associate_public_ip_address = true
  key_name = aws_key_pair.ssh_access_key.key_name

  user_data = <<-EOT
    #!/bin/bash
    set -e
    mkdir -p /etc/twingate/
    {
      echo TWINGATE_URL="https://${var.tg_network}.twingate.com"
      echo TWINGATE_ACCESS_TOKEN="${twingate_connector_tokens.aws_connector_tokens.access_token}"
      echo TWINGATE_REFRESH_TOKEN="${twingate_connector_tokens.aws_connector_tokens.refresh_token}"
    } > /etc/twingate/connector.conf
    sudo systemctl enable --now twingate-connector
  EOT

  subnet_id              = aws_subnet.main.id

  tags = {
    "Name" = "Twingate Connector"
  }
}

However, this puts the values of both the access token and the refresh token in plain text inside the user data of the EC2 instance. Thus, anyone with ReadOnlyAccess to the AWS account can see the values of both tokens.

Hi @pdevaastra,

Thank you for sharing your feedback! I’ve put in an internal request to amend the documentation.
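
An audit check for the exposure described in the original post, added here as an example (not code from the post or from Twingate): it decodes the user data field of an EC2 DescribeInstanceAttribute response and reports credential-like variables whose values are stored as literals. The sample response, instance ID, placeholder token values and the function name `find_literal_secrets` are constructed for illustration.

```python
import base64
import re

# Constructed sample: user data as the guide's template would render it,
# with placeholder token values (not real credentials).
SAMPLE_USER_DATA = """#!/bin/bash
set -e
mkdir -p /etc/twingate/
{
  echo TWINGATE_URL="https://example.twingate.com"
  echo TWINGATE_ACCESS_TOKEN="PLACEHOLDER-ACCESS"
  echo TWINGATE_REFRESH_TOKEN="PLACEHOLDER-REFRESH"
} > /etc/twingate/connector.conf
sudo systemctl enable --now twingate-connector
"""

# Shape of an EC2 DescribeInstanceAttribute (attribute=userData) response.
SAMPLE_RESPONSE = {
    "InstanceId": "i-0123456789abcdef0",  # constructed
    "UserData": {"Value": base64.b64encode(SAMPLE_USER_DATA.encode()).decode()},
}

# NAME=value assignments where NAME looks like a credential.
ASSIGNMENT = re.compile(
    r'\b([A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Z0-9_]*)=("[^"]*"|\S*)'
)


def find_literal_secrets(response):
    """Return sorted names of credential-like variables whose value is a
    literal in the instance's user data. Values are never returned."""
    encoded = response.get("UserData", {}).get("Value")
    if not encoded:
        return []  # instance has no user data
    script = base64.b64decode(encoded).decode("utf-8", errors="replace")
    hits = set()
    for name, value in ASSIGNMENT.findall(script):
        value = value.strip('"')
        # Values resolved on the instance at boot ($(...), `...`, $VAR)
        # are not stored in user data, so they are not reported.
        if value and not value.startswith(("$", "`")):
            hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    for name in find_literal_secrets(SAMPLE_RESPONSE):
        print(f"{SAMPLE_RESPONSE['InstanceId']}: literal value for {name} in user data")
```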