Supporting GitHub Environments with Terrateam

By Malcolm Matalka on Apr 23, 2024
GitHub Environments Integration

We are excited to announce our new support for GitHub Environments. This integration allows you to leverage GitHub Environments with Terrateam workflows, providing a safe and secure way to manage your infrastructure as code.

GitHub Environments

GitHub Environments is a feature that allows you to define environments such as development, staging, and production within GitHub Actions. By integrating GitHub Environments with Terrateam, you can ensure that your Terraform plan and apply operations are tightly coupled with your infrastructure environments. Combining this with access controls and workflows allows teams to greatly enhance their security posture.

How It Works

To associate a Terrateam workflow with a GitHub environment, you can specify the environment attribute in your Terrateam configuration file (.terrateam/config.yml).

Here’s an example configuration:

workflows:
  - tag_query: production
    environment: production

In this example, the workflow with the tag_query of production is associated with the GitHub environment named production. Terrateam will use this environment when executing the workflow, ensuring that the secrets and variables defined in the production environment are accessible. You can configure multiple workflows with different GitHub environments based on your requirements.

For example:

workflows:
  - tag_query: staging
    environment: staging
  - tag_query: qa
    environment: qa

GitHub Environments + Access Control

Use GitHub Environments in combination with Access Control to isolate sensitive resources and secrets:

workflows:
  - tag_query: "dir:production"
    environment: production
access_control:
  enabled: true
  apply_require_all_dirspace_access: true
  plan_require_all_dirspace_access: false
  terrateam_config_update: ['team:admins']
  unlock: ['team:admins']
  policies:
    - tag_query: 'dir:production'
      plan: ['team:developers']
      apply: ['team:sre']

This configuration associates the production workflow with the production GitHub Environment, ensuring that secrets and resources are securely isolated. It also enables Access Control, requiring all Dirspace access for apply operations and limiting Terrateam configuration updates and unlock operations to the admins team. Additionally, it defines granular access policies based on dir tags, granting developers plan access and sre apply access for production.

By combining GitHub Environments with Access Control, you can ensure that only trusted individuals with the necessary permissions can run Terrateam operations on sensitive environments, reducing the risk of unauthorized access or execution of malicious code.
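One way to check that pairing in review or CI, as an added example that is not Terrateam's own code: a small lint that flags any workflow bound to a GitHub Environment without a matching Access Control policy. It assumes the configuration has already been parsed into a dict, and the function name, sample data and exact-string tag_query matching are assumptions of this example.

```python
# Added example: lint for a Terrateam config that has already been parsed into a dict.
# Assumption: a policy covers a workflow only when the two tag_query strings are
# identical; Terrateam's own tag-query matching is not reimplemented here.

def lint_environment_workflows(config):
    """Return (environment, tag_query, problem) for each unprotected workflow."""
    findings = []
    access = config.get("access_control") or {}
    policies = access.get("policies") or []
    for workflow in config.get("workflows") or []:
        env = workflow.get("environment")
        if not env:
            continue  # no GitHub Environment, so no environment secrets in play
        query = workflow.get("tag_query")
        if not access.get("enabled"):
            findings.append((env, query, "access_control is not enabled"))
            continue
        policy = next((p for p in policies if p.get("tag_query") == query), None)
        if policy is None:
            findings.append((env, query, "no policy with the same tag_query"))
        elif "apply" not in policy:
            findings.append((env, query, "policy does not list who may apply"))
    return findings


# Constructed sample: production mirrors the page's example, staging has an
# environment but no policy.
SAMPLE_CONFIG = {
    "workflows": [
        {"tag_query": "dir:production", "environment": "production"},
        {"tag_query": "dir:staging", "environment": "staging"},
    ],
    "access_control": {
        "enabled": True,
        "apply_require_all_dirspace_access": True,
        "policies": [
            {"tag_query": "dir:production",
             "plan": ["team:developers"], "apply": ["team:sre"]},
        ],
    },
}

if __name__ == "__main__":
    for env, query, problem in lint_environment_workflows(SAMPLE_CONFIG):
        print(f"{env} ({query}): {problem}")
```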

For more detailed information, visit our documentation.
