Question about security / ssl of VM created with gce_vm()

Question

Question about security / ssl of VM created with gce_vm()

ben519 opened this issue 2 years ago · 2 comments

Hey Mark, I have (probably) a dumb question..

Suppose I create a VM like

vm1 <- gce_vm(
  template = "rstudio",
  name = "myvm",
  username = "hello",
  password = "A8NW26!msi?s>",
  predefined_type = "n1-standard-1"
)

I've always just assumed this would be "secure", but I usually access the VM via a public IP which is not SSL encrypted.

So, if I were to pull my project from github onto this VM using a secret github access token, someone could steal my token, correct?

How do you deal with this issue? Should I give the IP an SSL certificate? If so, can you point me in the right direction for learning how to do this?

Thanks!

Answer 1 · 2022-04-12T15:50:43.000Z

Http connections can be intercepted potentially but this doesn't necessarily mean your RStudio password is insecure for example, or any user can see your data. I can't give security advice over GitHub issue but consider your use case, perhaps the risk is low. There are methods to vastly improve various aspects, such as https but that on its own by no means guarantees security

Answer 2 · 2022-04-12T15:53:30.000Z

Thanks, I'll send you a follow up email.