The DevOps Guide to Terraform Security

Using Terraform, an open source IaC tool developed by Hashicorp, to provision infrastructure provides many benefits to the management and operations of your environment. Its versatility, declarative language, and the productivity gains of using the same Infrastructure as Code (IaC) tooling across multiple cloud providers have made Terraform one of the most popular tools for infrastructure provisioning.

While there are many benefits to using Terraform as part of your infrastructure provisioning workflow, there are also key security considerations that we will cover in this paper.

In this guide, you will learn how to:

• Security manage secrets and prevent exposure to unauthorized users
• Secure Collaboration is required to protect sensitive data and handling State correctly
• Manage Terraform providers and modules including verification of trusted sources
• Find inconsistency between code and cloud including how to detect and remediate drift
• Leverage Terraform to enforce security best practices
• Plus, how to use Terraform as part of Threat Modeling

This guide is no longer available.