Terraform¶
Security¶
Validation checks with automated tests
checkov¶
Usage:
pip install checkov
checkov -d /path/to/folder
tfsec¶
Usage:
brew install tfsec
tfsec /path/to/folder
terrascan¶
terraform-compliance¶
snyk¶
Usage:
brew tap snyk/tap
brew install snyk
snyk auth
snyk iac test /path/to/terraform/code
Secrets¶
Note
Make sure that you set the "sensitive" argument of a variable to true.
Pass variables through the command line:
terraform apply --var="db_user=myuser" --var="db_pass=PASSWORD"
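An added example (not from the original page) of how the db_user and db_pass variables passed above could be declared with the sensitive argument. The aws_db_instance resource and its settings are assumptions chosen for illustration.

```hcl
variable "db_user" {
  type        = string
  description = "Database user name"
}

variable "db_pass" {
  type        = string
  description = "Database password"
  # Redacts the value as (sensitive value) in plan and apply output.
  # It does not encrypt the value in the Terraform state file.
  sensitive = true
}

# Hypothetical resource that consumes both variables.
resource "aws_db_instance" "example" {
  identifier          = "example-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = var.db_user
  password            = var.db_pass
  skip_final_snapshot = true
}

# An output derived from a sensitive variable must also be marked sensitive,
# otherwise Terraform rejects the configuration.
output "db_password" {
  value     = var.db_pass
  sensitive = true
}
```

The same value can be supplied through the TF_VAR_db_pass environment variable instead of --var, which keeps it out of the command line and shell history.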
HashiCorp Vault¶
API-based authentication that can be used for multi-user access to vaults.
Example of a Vault secret:
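provider "vault" {
  address = "https://vault.example.com"
}

# The vault_generic_secret resource takes its content as a JSON string in data_json;
# the decoded values are then readable through the data attribute.
resource "vault_generic_secret" "example" {
  path = "secret/my-secret"
  data_json = jsonencode({
    key = "secret_value"
  })
}

resource "aws_secretsmanager_secret" "example" {
  name = "example-secret"
}

# secret_string is an argument of the secret version, not of the secret itself.
resource "aws_secretsmanager_secret_version" "example" {
  secret_id     = aws_secretsmanager_secret.example.id
  secret_string = vault_generic_secret.example.data["key"]
}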