Terraform Cloud Token

Description#

General#

Documentation: https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
Summary: Terraform is a product built by HashiCorp to help organizations manage their software infrastucture. This detector detects the three types of tokens used to interact with the API: user, teams and organization tokens.
IPs allowlist: This feature is not described in the documentation.
Scopes: The different scopes available for tokens are described in the access levels documentation.

Revoke the secret#

Tokens can be revoked from the API. As an example, this is the request to revoke a user token.

Check for suspicious activity#

Terraform doesn't provide a way to check for suspicious activity.

Details for `Terraform cloud personal token`#

Family: Api
Category: Cloud Provider
Company: Terraform
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.74
Prefixed: True
PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - atlasv1

Examples#

- text: >    "token": "yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ"  apikey: yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ

Description#

General#

Revoke the secret#

Check for suspicious activity#

Details for Terraform cloud personal token#

Examples#

Details for `Terraform cloud personal token`#