
Terraform Security Checklist for DevSecOps

Table of contents

  1. Enable detailed audit logging
  2. Encrypt state files
  3. Use a strong backend access policy
  4. Limit the permissions of automation accounts
  5. Rotate secrets and access keys regularly
  6. Use version constraints in configuration files
  7. Validate configuration files before applying
  8. Regularly update Terraform and providers

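A list of Terraform best practices for DevSecOps. The `-var` flags below set input variables, so each one takes effect only if the configuration declares that variable and acts on it.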

Enable detailed audit logging

terraform apply -var 'logging=true'

Encrypt state files

terraform apply -var 'encrypt=true'

Use a strong backend access policy

terraform init -backend-config="..."

Limit the permissions of automation accounts

terraform apply -var 'permissions=limited'

Rotate secrets and access keys regularly

terraform apply -var 'rotate_secrets=true'

Use version constraints in configuration files

terraform apply -var 'version=...'

Validate configuration files before applying

terraform validate
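
`terraform validate` checks syntax and internal consistency; it does not enforce checklist items such as state encryption or version constraints. The added example below (not from the original page) is a text-level pre-apply check for those two items; the S3 backend, the AWS provider, and the function names `blocks` and `audit` are assumptions, and the regex matching is not a full HCL parser.

```python
import re

# Constructed sample, not from the page; S3 backend and AWS provider are assumptions.
SAMPLE_TF = '''
terraform {
  backend "s3" {
    bucket = "example-state-bucket"
    key    = "prod/terraform.tfstate"
    region = "us-east-1"
    # encrypt = true
  }
  required_providers {
    aws    = { source = "hashicorp/aws" }
    random = { source = "hashicorp/random", version = "~> 3.6" }
  }
}
'''

def blocks(text, header):
    """Yield (header match, brace-balanced body) for each block matching header."""
    for m in re.finditer(header + r"\s*=?\s*\{", text, re.M):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def audit(text):
    """Return checklist findings for one Terraform configuration (text only)."""
    text = re.sub(r"^\s*(#|//).*$", "", text, flags=re.M)  # drop whole-line comments
    findings = []
    for _, tf in blocks(text, r"^\s*terraform"):
        if not re.search(r'^\s*required_version\s*=\s*"', tf, re.M):
            findings.append("terraform: no required_version constraint")
        for _, be in blocks(tf, r'^\s*backend\s+"s3"'):
            if not re.search(r"^\s*encrypt\s*=\s*true\b", be, re.M):
                findings.append("backend s3: encrypt = true not set")
        for _, rp in blocks(tf, r"^\s*required_providers"):
            for m, prov in blocks(rp, r"^\s*([\w-]+)"):
                if not re.search(r'\bversion\s*=\s*"', prov):
                    findings.append(f"provider {m.group(1)}: no version constraint")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_TF):
        print("FAIL:", finding)
```

Run it in CI before `terraform apply` and fail the job when the list is non-empty.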

Regularly update Terraform and providers

terraform init -upgrade