Terraform Cloud Token
- Documentation: https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
- Summary: Terraform is a product built by HashiCorp to help organizations manage their software infrastructure. This detector detects the three types of tokens used to interact with the API: user, teams and organization tokens.
- IPs allowlist: This feature is not described in the documentation.
- Scopes: The different scopes available for tokens are described in the access levels documentation.
Revoke the secret
Tokens can be revoked from the API. As an example, this is the request to revoke a user token.
Check for suspicious activity
Terraform doesn't provide a way to check for suspicious activity.
Terraform cloud personal token
Category: Cloud Provider
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.74
- type: ContentWhitelistPreValidator
- text: |