Terraform Cloud Token
Description
General
- Documentation: https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
- Summary: Terraform is a product built by HashiCorp to help organizations manage their software infrastructure. This detector detects the three types of tokens used to interact with the API: user, teams and organization tokens.
- IPs allowlist: This feature is not described in the documentation.
- Scopes: The different scopes available for tokens are described in the access levels documentation.
Revoke the secret
Tokens can be revoked from the API. As an example, this is the request to revoke a user token.
Check for suspicious activity
Terraform doesn't provide a way to check for suspicious activity.
Details for Terraform cloud personal token
-
Family: Api
-
Category: Cloud Provider
-
Company: Terraform
-
High recall: True
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.74
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- \.atlasv1\.
Examples
- text: |
"token": "yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ"
apikey: yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ
