Terrateam Security and Data Protection Information


Last Updated: 7 November 2024

Security Information

Terrateam takes many measures to make sure customer data stays private. This includes following security best practices and various other steps listed in this document. A coordinated approach is taken to protect customer data focusing on technical and procedural solutions.

This document is an overview of Terrateam information security policies and procedures. It is not exhaustive. The below should not be relied on as a warranty of any services Terrateam provides or in any other way as amending or modifying our Terms of Service.

Terrateam will re-evaluate our information security procedures from time to time, but does not have an obligation to proactively communicate updates on this document should any changes occur. The following documents will be kept up to date and users are encouraged to occasionally review these pages:

Please contact security@terrateam.io if you think you’ve found a security issue.

Who Can See My Team’s Data?

Terrateam operates within the context of your GitHub organization or repository. It responds to webhook events (e.g., pull request openings, closings, and comments) and respects your GitHub permissions model to ensure data visibility matches what is defined within your GitHub settings.

To receive data from your GitHub organization, either you or an organization admin must install the Terrateam GitHub App.

Once the app is installed, you have full control over which repositories Terrateam interacts with. It responds to webhook events as needed, without altering your code.

Your engineering team logs into Terrateam using their GitHub accounts and can only view data from repositories they can access on GitHub.

If you choose to stop using Terrateam, uninstall the Terrateam GitHub App, and your data will be scheduled for permanent deletion from our systems through a hard deletion process to ensure complete removal.

How Secure Is Terrateam?

Terrateam is hosted on Fly.io and built using OCaml, a functional programming language known for its reliability and safety, following modern development practices for scalability.

We do not share your data with any third parties.

All authentication and data interactions are conducted using the GitHub Apps API to ensure secure and efficient communication.

Customer code is never stored on our servers. All code interactions and Terraform operations are executed on GitHub Actions’ isolated runners, ensuring that customer code remains secure and isolated.

Our team follows strict access control protocols, minimizing the number of employees who have access to your code.

We are in the process of obtaining SOC 2 Type II certification, which involves rigorous audits to validate our commitment to data security and compliance with industry standards. We are happy to respond to any security-related inquiries or complete your security questionnaires.

We maintain point-in-time database backups but enforce hard deletion for data removal to ensure data is erased permanently.

How Does Terrateam Handle Sensitive Data?

Terrateam takes the handling of sensitive data seriously. Plan files, plan outputs, secrets, and any related sensitive information are managed with strict protocols to ensure their security:

  • Secrets Management: Secrets such as API keys and tokens are never stored by Terrateam unless explicitly defined by the user’s configuration. We recommend using GitHub’s built-in secrets management for secure storage.
  • Plan Files and Outputs: Terrateam ensures that plan files and outputs are only visible to team members with the appropriate permissions on GitHub. Plan files can be stored securely within Terrateam’s infrastructure or on customer-owned infrastructure, based on preference. Plan outputs are masked to prevent the exposure of GitHub Secrets or other sensitive data.
  • Data Encryption: All temporary data, including sensitive plan outputs, is secured using industry-standard encryption protocols while in transit. While at rest, our database encryption ensures sensitive data remains protected where applicable.
  • Secure Webhooks: Communication between GitHub and Terrateam is facilitated through secure webhooks, ensuring data integrity and protection during data transfer.
  • Access Controls: We apply strict access control measures, ensuring that only the minimal number of employees have access to systems handling sensitive data.
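The integrity guarantee behind GitHub webhooks comes from the webhook secret: GitHub signs the raw request body with HMAC-SHA256 and sends the result in the X-Hub-Signature-256 header, and the receiver recomputes and compares it before trusting the event. The following is an added illustration of that check; it is not Terrateam's code, and the secret and payload are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional


def sign_payload(secret: bytes, body: bytes) -> str:
    """Compute the header value GitHub attaches: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """Check X-Hub-Signature-256 against the raw request body.

    Rejects a missing or malformed header and uses a constant-time comparison
    so that timing differences do not leak how many bytes of the digest matched.
    """
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected, header_value)


# Constructed sample values: not a real secret and not a real webhook payload.
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","number":42,"repository":{"full_name":"example/repo"}}'


def demo() -> dict:
    """Exercise the accept path and the three rejection paths a receiver must handle."""
    good_header = sign_payload(SAMPLE_SECRET, SAMPLE_BODY)
    tampered_body = SAMPLE_BODY.replace(b'"opened"', b'"closed"')
    return {
        "valid": verify_signature(SAMPLE_SECRET, SAMPLE_BODY, good_header),
        "tampered_body": verify_signature(SAMPLE_SECRET, tampered_body, good_header),
        "missing_header": verify_signature(SAMPLE_SECRET, SAMPLE_BODY, None),
        "wrong_secret": verify_signature(b"some-other-secret", SAMPLE_BODY, good_header),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The signature must be computed over the exact bytes received, before any JSON parsing or re-serialization, since even whitespace changes alter the digest; a receiver that verifies a re-encoded body will reject legitimate deliveries.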

Terrateam is designed to give users confidence that their sensitive data remains protected at all times.

Data Center Security

Terrateam uses virtual machines located in the United States in secure and shared hosting facilities with redundant and reliable access. All Terrateam virtual machines are logically segregated from other virtual machines in the hosting facility.

  • All virtual machines are located in Fly.io data centers in the United States
  • Virtual machines are exclusively used for Terrateam
  • Redundant power, cooling, and internet connectivity
  • 24/7 staffed security
  • Restricted physical access with biometric controls

Fly.io is SOC 2 Type II compliant. More information can be found here: https://fly.io/security

Application Security

Terrateam is a GitHub application that translates GitHub events into Terraform operations. There are two major components of the Terrateam service:

  • The backend which receives GitHub events and makes decisions using the event payload
  • The GitHub Actions runner which is hosted on the GitHub Actions platform and executes the jobs that the backend creates

Many security measures are put in place:

  • Security best practices followed
  • Security logs regularly reviewed
  • Patches applied on regular intervals
  • Firewalls implemented in front of all internal and external endpoints
  • Security policies in place that follow the principle of least privilege
  • TLS encrypted connections required for application access
  • Application uses well-tested open source software
  • Regular security audits
  • Formal process in place to grant elevated access to systems
  • Data encrypted in-transit and at-rest
  • Vendor provided passwords have been changed from default
  • Encrypted backups

Data Privacy

Terrateam does not access source code repositories directly except for the Terrateam configuration file that lives within the repository. The application will execute a git clone against a customer repository within the GitHub Actions runtime environment in order to perform Terrateam operations.

Customers may choose to leverage GitHub Secrets for Terrateam operations that take place within the GitHub Actions runtime environment. Terrateam does not read these secrets, and they are not sent back to the Terrateam backend, except insofar as Terraform plan files could contain sensitive information. Terraform plan files must be stored on the Terrateam backend in order for the application to operate. Plan files are encrypted at rest and deleted as soon as they are used by their respective operation, or after 14 days.

GitHub Application Permissions

The Terrateam GitHub application requires customer permissions. An explanation of each permission can be found below.

Repository Permissions

Actions: Read and Write

Workflows, workflow runs and artifacts.

Execute Terrateam operations.

Checks: Read-Only

Checks on code.

Validate GitHub checks have passed before running a Terrateam apply.

Commit statuses: Read and Write

Commit statuses.

Provide user feedback on Terrateam operations and validate commit statuses before running a Terrateam apply.

Contents: Read and Write

Repository contents, commits, branches, downloads, releases, and merges.

Retrieve the Terrateam configuration file.

Issues: Read and Write

Issues and related comments, assignees, labels, and milestones.

Create and update issues for drift detection.

Metadata: Read-Only

Search repositories, list collaborators, and access repository metadata.

Required by GitHub.

Pull Requests: Read and Write

Pull requests and related comments, assignees, labels, milestones, and merges.

Trigger Terrateam operations and merge a pull request.

Secrets: Read and Write

Manage Actions repository secrets.

Future implementation of a secrets management interface.

The Secrets read permission only allows Terrateam to retrieve the secret name without revealing its encrypted value.

Organization Permissions

Members: Read-Only

Organization members and teams.

Used for access control and other internal Terrateam operations.

Account Permissions

Email Addresses: Read-Only

Manage a user's email addresses.

Account-related emails only.

GitHub Application Events

The Terrateam GitHub application requires repository event subscriptions. An explanation of each subscription can be found below.

Issue Comment

Issue comment created, edited, or deleted.

Trigger Terrateam operations.

Issues

Issues opened, edited, deleted, transferred, pinned, unpinned, closed, reopened, assigned, unassigned, labeled, unlabeled, milestoned, demilestoned, locked, or unlocked.

Trigger Terrateam operations.

Pull Request

Pull request assigned, auto merge disabled, auto merge enabled, closed, converted to draft, demilestoned, dequeued, edited, enqueued, labeled, locked, milestoned, opened, ready for review, reopened, review request removed, review requested, synchronized, unassigned, unlabeled, or unlocked.

Trigger Terrateam operations.

Push

Git push to a repository.

Trigger Terrateam operations.

Workflow Job

Workflow job queued, requested or completed on a repository.

Track when Terrateam workflow jobs are queued, requested, or completed.

Workflow Run

Workflow run requested or completed on a repository.

Track when Terrateam workflow runs are requested or completed.

Incident Response

Terrateam prioritizes the security and integrity of our systems and data. Our incident response plan outlines how we address and manage potential security incidents to minimize impact and uphold our commitment to customer trust and data protection. This plan provides an outline of our procedures for managing security incidents from initial detection through to resolution and post-incident analysis.

Preparation

Our preparation ensures that our team is ready to respond to security incidents:

  • Team training: All team members receive regular training on the latest security threats and response strategies.
  • Tools and resources: We maintain up-to-date security monitoring and response tools to ensure rapid detection and resolution of security issues.

Identification

Quickly identifying incidents is crucial for effective response:

  • Monitoring tools: Our monitoring systems continuously scan for unusual activity indicative of a security incident.
  • Alert protocols: We have protocols in place to ensure that any potential security incident is immediately escalated to the appropriate personnel.

Containment

Our containment strategies are designed to limit the impact of an incident:

  • Immediate containment: We take immediate action to isolate affected systems to prevent the spread of any threat.
  • Long-term containment: We assess and implement changes to prevent future occurrences, which may include system enhancements or additional security measures.

Eradication

Removing the threat is a critical step in our process:

  • Root cause analysis: We investigate to understand the source of the incident and take steps to remove any threats from our environment.
  • System cleanup: After eradicating the threat, we perform a thorough cleanup to ensure no remnants of the incident remain.

Recovery

Our recovery process ensures that our services return to full functionality securely and efficiently:

  • System restoration: Systems are carefully brought back online with enhanced monitoring to ensure stability and security.
  • Post-recovery monitoring: Additional monitoring post-recovery helps ensure no recurrence of the incident.

Lessons Learned

Every incident provides an opportunity to enhance our security posture:

  • Review and analysis: We conduct detailed reviews of our response to understand what happened, how we responded, and how we can improve.
  • Plan updates: Insights gained from the incident are used to strengthen our incident response plan and security measures.

Communication with Customers

Transparency is key to our approach:

  • Timely notification: We communicate honestly and promptly with our customers if their data or services are affected.
  • Clear communication: Our updates are clear, providing essential information without unnecessary complexity.

Keeping Your Data Safe and Secure

Terrateam is dedicated to protecting your data with strong security measures and a quick-response plan. We keep only essential customer data to ensure maximum safety, making it much harder for breaches to expose significant information. We constantly improve our security to handle new threats and make our systems better. Your trust is very important to us, and we work hard to keep it with openness, careful attention, and ongoing improvements.