Skip to content

Terraform Cloud PAT

Service Name: Terraform Cloud

Service Description: Terraform Cloud is a managed service offering from HashiCorp that provides a consistent workflow for Terraform users to provision infrastructure efficiently in a collaborative environment.

Service Address: https://app.terraform.io/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Terraform Cloud resources including workspaces, state files, and organization settings according to the token's permissions.

Secret Revokement URL: https://app.terraform.io/app/settings/tokens

Secret Example: AtlasV1.d2Fsa2VyLmNocmlzdG9waGVyQGV4YW1wbGUuY29tCg.TQVuEjKO1JxE3B24gV3JHeZ1AVPnXqyJvnbdwHdZ3wZUFYMqOY7UKQ7890PoiYhqW

Suspicious Activity Investigation Instructions:

  • Check Terraform Cloud audit logs for unauthorized workspace access or state modifications
  • Review recent runs and plan/apply operations for unexpected infrastructure changes
  • Verify organization membership and team permissions for unauthorized additions
  • Examine API request logs for unusual patterns or unauthorized access from unknown IP addresses Terraform Cloud Personal Access Token
  • Check for unauthorized variable or environment variable changes in workspaces

Mitigation Instructions:

  • Immediately revoke the compromised token in Terraform Cloud user settings
  • Generate a new token with appropriate permissions if needed
  • Review and revert any unauthorized infrastructure changes
  • Verify workspace settings and permissions to ensure no unauthorized access remains
  • Enable two-factor authentication for all organization members
  • Consider implementing shorter token lifetimes for future tokens