Terraform

Warning: data "external" blocks run bash commands and might be vulnerable to attacks.
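One way to inventory these blocks before a review, as an added example that is not part of the original page: a small Python scanner that lists every data "external" block in a directory of .tf files together with the program it would run. It is a regex heuristic rather than an HCL parser (comments and heredocs containing braces are not handled), and the function names, flag names and sample input are all constructed for illustration.

```python
import re
from pathlib import Path

HEADER = re.compile(r'\bdata\s+"external"\s+"([^"]+)"\s*\{')
PROGRAM = re.compile(r'\bprogram\s*=\s*\[(.*?)\]', re.S)  # stops at first "]"
SHELLS = {"sh", "bash", "/bin/sh", "/bin/bash"}
# Constructed sample input, not taken from the page.
SAMPLE = '''\
resource "null_resource" "x" {}
data "external" "lookup" {
  program = ["bash", "-c", "./lookup.sh ${var.env}"]
  query   = { id = "abc" }
}
'''

def block_body(text, start):
    """Return the body of the block whose opening brace ends at `start`."""
    depth, i, in_str = 1, start, False
    while i < len(text) and depth:
        ch = text[i]
        if in_str and ch == "\\":
            i += 1                      # skip the escaped character
        elif ch == '"':
            in_str = not in_str
        elif not in_str:
            depth += (ch == "{") - (ch == "}")
        i += 1
    return text[start:i - 1]

def find_external_blocks(text, filename="<input>"):
    """List each data "external" block and the program it would run."""
    findings = []
    for m in HEADER.finditer(text):
        prog = PROGRAM.search(block_body(text, m.end()))
        raw = prog.group(1) if prog else ""
        argv = re.findall(r'"((?:[^"\\]|\\.)*)"', raw)
        findings.append({
            "file": filename, "name": m.group(1),
            "line": text.count("\n", 0, m.start()) + 1, "program": argv,
            # Inline shell strings and variable-derived arguments need review.
            "inline_shell": bool(argv) and argv[0] in SHELLS and "-c" in argv,
            "uses_variable": "var." in raw,
        })
    return findings

def scan_dir(root):
    """Scan every *.tf file under root (regex heuristic, not an HCL parser)."""
    return [f for p in sorted(Path(root).rglob("*.tf"))
            for f in find_external_blocks(p.read_text(), str(p))]
```

Call `scan_dir("/path/to/folder")` on a module tree and review each finding whose `inline_shell` or `uses_variable` flag is set.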

Security

Validation checks with automated testing

Check Custom Providers

checkov

Usage:

pip install checkov
checkov -d /path/to/folder

tfsec

Usage:

brew install tfsec
tfsec /path/to/folder

terrascan

terraform-compliance

snyk

Usage:

brew tap snyk/tap
brew install snyk
snyk auth
snyk iac test /path/to/terraform/code

Secrets

Pass Variables through command line:

terraform apply --var="db_user=myuser" --var="db_pass=PASSWORD"

HashiCorp Vault

API-based authentication that can be used for multi-user access to vaults.

Example of Vault Secret:

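provider "vault" {
  address = "https://vault.example.com"
}

# Write a secret to Vault; data_json takes a JSON-encoded string.
resource "vault_generic_secret" "example" {
  path = "secret/my-secret"
  data_json = jsonencode({
    key = "secret_value"
  })
}

resource "aws_secretsmanager_secret" "example" {
  name = "example-secret"
}

# The secret value is set on a secret version, not on the secret itself.
resource "aws_secretsmanager_secret_version" "example" {
  secret_id     = aws_secretsmanager_secret.example.id
  secret_string = vault_generic_secret.example.data["key"]
}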

AWS Secrets Manager

Azure Key Vault

GCP Secret Manager

Terraform Cloud Variable Store