Tech Library is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


DevOps Guide to Terraform Security

Feb 01, 2021

Using Terraform, an open source IaC tool developed by Hashicorp, to provision infrastructure provides many benefits to the management and operations of your environment. Its versatility, declarative language, and the productivity gains of using the same Infrastructure as Code (IaC) tooling across multiple cloud providers have made Terraform one of the most popular tools for infrastructure provisioning.

While there are many benefits to using Terraform as part of your infrastructure provisioning workflow, there are also some key security considerations that we will cover in this paper.

In this guide, you will learn:

  • How to security manage Secrets and prevent exposure to unauthorized users
  • Why Secure Collaboration is required to protect sensitive data and handling State correctly
  • Best ways to manage Terraform providers and modules including verification of trusted sources
  • Find inconsistency between code and cloud including how to detect and remediate drift
  • How to leverage Terraform to enforce security best practices
  • Plus, how to use Terraform as part of Threat Modeling