Supporting GitHub Environments with Terrateam
Malcolm Matalka
Introduction
We are excited to announce our new support for GitHub Environments. This integration allows you to leverage GitHub Environments with Terrateam workflows, providing a safe and secure way to manage your infrastructure as code.
GitHub Environments
GitHub Environments is a feature that allows you to define environments such as development, staging, and production within GitHub Actions. By integrating GitHub Environments with Terrateam, you can ensure that your Terraform plan and apply operations are tightly coupled with your infrastructure environments. Combining this with access controls and workflows allows teams to greatly enhance their security posture.
How It Works
To associate a Terrateam workflow with a GitHub environment, you can specify the environment attribute in your Terrateam configuration file (.terrateam/config.yml).
Here’s an example configuration:
In this example, the workflow with the tag_query of production is associated with the GitHub environment named production. Terrateam will use this environment when executing the workflow, ensuring that the secrets and variables defined in the production environment are accessible. You can configure multiple workflows with different GitHub environments based on your requirements.
For example:
GitHub Environments + Access Control
Use GitHub Environments in combination with Access Control to isolate sensitive resources and secrets:
This configuration associates the production workflow with the production GitHub Environment, ensuring that secrets and resources are securely isolated. It also enables Access Control, requiring all Dirspace access for apply operations and limiting Terrateam configuration updates and unlock operations to the admins team. Additionally, it defines granular access policies based on dir tags, granting developers plan access and sre apply access for production.
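The configuration this section describes, written out as an added example (it is not the snippet from the original post). Key names follow Terrateam's configuration reference and should be checked against the current documentation; the team:<name> match strings, the production tag and the dir:production tag query are assumptions about how your teams and directories are named.

```yaml
# .terrateam/config.yml (added example; team, tag and directory names are assumptions)
workflows:
  # Operations matching the "production" tag query run in the GitHub
  # Environment named "production", so the job sees that environment's
  # secrets and variables. The "production" tag is assumed to be
  # assigned to the relevant directories elsewhere in this file.
  - tag_query: production
    environment: production

access_control:
  enabled: true
  # An apply must be permitted on every dirspace in the change,
  # not only on some of them.
  apply_require_all_dirspace_access: true
  # Only the admins team may update the Terrateam configuration
  # or run unlock operations.
  terrateam_config_update: ['team:admins']
  unlock: ['team:admins']
  policies:
    # Assumed layout: production code lives in a directory named
    # "production". developers may plan; only sre may apply.
    - tag_query: 'dir:production'
      plan: ['team:developers']
      apply: ['team:sre']
```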
By combining GitHub Environments with Access Control, you can ensure that only trusted individuals with the necessary permissions can run Terrateam operations on sensitive environments, reducing the risk of unauthorized access or execution of malicious code.
For more detailed information, visit our documentation.