Terraform Cloud Token

Description

General

• Documentation: https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
• Summary: Terraform is a product built by HashiCorp to help organizations manage their software infrastructure. This detector detects the three types of tokens used to interact with the API: user, teams and organization tokens.
• IPs allowlist: This feature is not described in the documentation.
• Scopes: The different scopes available for tokens are described in the access levels documentation.

Revoke the secret

Tokens can be revoked from the API. As an example, this is the request to revoke a user token.

Check for suspicious activity

Terraform doesn't provide a way to check for suspicious activity.

Details for Terraform cloud personal token

• Family: Api

• Category: Cloud Provider

• Company: Terraform

• High recall: True

• Validity check available: True

• On-premise instances exist: True

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.74

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - atlasv1

Examples

- text: |
    "token": "yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ"
  apikey: yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ