Supporting GitHub Environments with Terrateam


Introduction

We are excited to announce our new support for GitHub Environments. This integration allows you to leverage GitHub Environments with Terrateam workflows, providing a safe and secure way to manage your infrastructure as code.

GitHub Environments

GitHub Environments are a GitHub Actions feature for defining deployment targets such as development, staging, and production, each with its own secrets, variables, and protection rules. By integrating GitHub Environments with Terrateam, you can ensure that your Terraform plan and apply operations run against the environment that matches the infrastructure they change. Combined with access controls and workflows, this lets teams scope production credentials to production changes and noticeably tighten their security posture.

How It Works

To associate a Terrateam workflow with a GitHub environment, you can specify the environment attribute in your Terrateam configuration file (.terrateam/config.yml).

Here’s an example configuration:

workflows:
  - tag_query: production
    environment: production

In this example, the workflow whose tag_query is production is associated with the GitHub Environment named production. Terrateam runs that workflow under the environment, so the secrets and variables defined for it are available to the plan and apply operations. Because GitHub exposes an environment's secrets only to jobs that declare that environment, and applies the environment's protection rules (required reviewers, deployment branch restrictions) to those jobs, the environment attribute is what keeps production credentials reachable only from the production workflow. You can configure multiple workflows with different GitHub environments based on your requirements.

For example:

workflows:
  - tag_query: staging
    environment: staging
  - tag_query: qa
    environment: qa

GitHub Environments + Access Control

Use GitHub Environments in combination with Access Control to isolate sensitive resources and secrets:

workflows:
  - tag_query: "dir:production"
    environment: production
access_control:
  enabled: true
  apply_require_all_dirspace_access: true
  plan_require_all_dirspace_access: false
  terrateam_config_update: ["team:admins"]
  unlock: ["team:admins"]
  policies:
    - tag_query: "dir:production"
      plan: ["team:developers"]
      apply: ["team:sre"]

This configuration associates the production workflow with the production GitHub Environment, so the secrets stored there are only reachable through that workflow. It also enables Access Control: with apply_require_all_dirspace_access set to true, a user may apply only if they hold apply access to every dirspace (directory and workspace pair) touched by the pull request, whereas with plan_require_all_dirspace_access set to false a user who lacks plan access to some of the changed dirspaces can still plan the ones they do have access to. Terrateam configuration updates and unlock operations are limited to the admins team. Finally, the policy keyed on the dir:production tag grants the developers team plan access and the sre team apply access for production.
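To make the evaluation rules concrete, here is a small Python model of how the access_control block above decides who may plan or apply which dirspaces and who may unlock or change the configuration. This is an added illustration, not Terrateam's own code: the tag-query matcher only understands dir: and workspace: terms (Terrateam's real query language is richer), a dirspace with no matching policy is treated as denied, and the extra qa policy plus the users alice, bob and carol are constructed for the example.

```python
"""Added example (not Terrateam's code): simplified model of access_control
evaluation. Assumptions: dir:/workspace: tag terms only, fail-closed default
for dirspaces with no matching policy, and an extra assumed "qa" policy."""
from dataclasses import dataclass


# Mirrors the access_control section of the page's config, plus one
# assumed "qa" policy so that partial access can be demonstrated.
ACCESS_CONTROL = {
    "enabled": True,
    "apply_require_all_dirspace_access": True,
    "plan_require_all_dirspace_access": False,
    "terrateam_config_update": ["team:admins"],
    "unlock": ["team:admins"],
    "policies": [
        {"tag_query": "dir:production", "plan": ["team:developers"], "apply": ["team:sre"]},
        {"tag_query": "dir:qa", "plan": ["team:qa"], "apply": ["team:qa"]},  # assumed
    ],
}


@dataclass(frozen=True)
class Dirspace:
    """A directory/workspace pair, the unit Terrateam plans and applies."""
    directory: str
    workspace: str = "default"


@dataclass(frozen=True)
class User:
    login: str
    teams: frozenset


def tag_query_matches(tag_query: str, ds: Dirspace) -> bool:
    """Whitespace-separated dir:<path> / workspace:<name> terms that must all
    match; an empty query matches every dirspace."""
    for term in tag_query.split():
        key, _, value = term.partition(":")
        if key == "dir" and ds.directory != value:
            return False
        if key == "workspace" and ds.workspace != value:
            return False
        if key not in ("dir", "workspace"):
            raise ValueError(f"unsupported tag query term: {term!r}")
    return True


def principal_matches(entry: str, user: User) -> bool:
    """Policy entries: '*', 'team:<slug>' or 'user:<login>'."""
    if entry == "*":
        return True
    kind, _, name = entry.partition(":")
    if kind == "team":
        return name in user.teams
    if kind == "user":
        return name == user.login
    raise ValueError(f"unsupported principal: {entry!r}")


def allowed_dirspaces(op: str, user: User, dirspaces, ac=ACCESS_CONTROL) -> set:
    """Dirspaces on which `user` may run `op` ('plan' or 'apply'). The first
    policy whose tag_query matches decides; no matching policy means denied."""
    allowed = set()
    for ds in dirspaces:
        policy = next((p for p in ac["policies"]
                       if tag_query_matches(p["tag_query"], ds)), None)
        if policy and any(principal_matches(e, user) for e in policy.get(op, [])):
            allowed.add(ds)
    return allowed


def may_run(op: str, user: User, dirspaces, ac=ACCESS_CONTROL):
    """Returns (proceeds?, dirspaces the op runs on). With
    <op>_require_all_dirspace_access true every changed dirspace must be
    permitted; with it false the op runs on the permitted subset."""
    if not ac["enabled"]:
        return True, set(dirspaces)
    allowed = allowed_dirspaces(op, user, dirspaces, ac)
    if ac[f"{op}_require_all_dirspace_access"]:
        return allowed == set(dirspaces), allowed
    return bool(allowed), allowed


def may_unlock(user: User, ac=ACCESS_CONTROL) -> bool:
    return any(principal_matches(e, user) for e in ac["unlock"])


def may_update_config(user: User, ac=ACCESS_CONTROL) -> bool:
    return any(principal_matches(e, user) for e in ac["terrateam_config_update"])


# Constructed sample principals and dirspaces (not from the page).
DEV = User("alice", frozenset({"developers"}))
SRE = User("bob", frozenset({"sre"}))
ADMIN = User("carol", frozenset({"admins"}))
PROD = Dirspace("production")
QA = Dirspace("qa")

if __name__ == "__main__":
    for op, who, changed in [("plan", DEV, [PROD, QA]), ("apply", DEV, [PROD]),
                             ("apply", SRE, [PROD]), ("apply", SRE, [PROD, QA])]:
        ok, subset = may_run(op, who, changed)
        print(f"{op:5} by {who.login:5} on {[d.directory for d in changed]}: "
              f"{'allowed' if ok else 'denied'} {sorted(d.directory for d in subset)}")
```

The interesting case is the pull request that touches both production and qa: alice can still plan it (the plan is restricted to production, the only dirspace she has plan access to), but bob cannot apply it because apply_require_all_dirspace_access demands apply access to every dirspace in the change. Note that the admins team's unlock and configuration rights do not imply apply rights; an admin who is not in the sre team is still denied an apply on production.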

By combining GitHub Environments with Access Control, you ensure that only the people holding the required permissions can run Terrateam operations against sensitive environments, and that the credentials for those environments are never exposed to a workflow that was not configured to use them. This reduces the risk of unauthorized access or of malicious code being executed with production credentials.

For more detailed information, visit our documentation.
