There are 5 rules that can help you secure your Terraform infrastructure:
#1: Don’t Store Secrets in Plain Text (Encrypt Them)
#2: Keep Your Terraform State Secure
#3: Environment Variables
#4: Encrypted Files (e.g., KMS, PGP, SOPS)
#5: Secret Stores (e.g., Vault, AWS Secrets Manager)
We will focus on #1.
Store and Encrypt Credentials in Jenkins (Access and Secret Key)
In this step, we will be storing and encrypting the access and secret key in Jenkins to maximize security and minimize the chances of exposing our credentials.
- Go to Manage Jenkins > Manage Credentials and click the highlighted Jenkins link
- Select Add Credentials
- Choose Secret text in the Kind field
- Enter the following for the secret key:
  - Secret = EnterYourSecretKeyHere
  - ID = AWS_SECRET_ACCESS_KEY
  - Description = AWS_SECRET_ACCESS_KEY
- Enter the following for the access key ID:
  - Secret = EnterYourAccessIDHere
  - ID = AWS_ACCESS_KEY_ID
  - Description = AWS_ACCESS_KEY_ID
Click OK
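
Once both credentials exist, a pipeline can reference them by ID instead of carrying the keys in the repository or in Terraform files. The Jenkinsfile below is an added example, not part of the original page; it assumes Terraform is installed on the build agent, and the stage names and Terraform commands are illustrative.

```groovy
// Added example (not from the original page): a declarative pipeline that
// consumes the two "Secret text" credentials created in the steps above.
pipeline {
    agent any

    environment {
        // credentials() looks up a Jenkins credential by its ID. For the
        // "Secret text" kind the value is exported as this environment
        // variable and masked in the console log.
        AWS_ACCESS_KEY_ID     = credentials('AWS_ACCESS_KEY_ID')
        AWS_SECRET_ACCESS_KEY = credentials('AWS_SECRET_ACCESS_KEY')
    }

    stages {
        stage('Init') {
            steps {
                // Single-quoted strings: Groovy does not interpolate them,
                // so no secret is ever embedded in the recorded command.
                // Terraform's AWS provider reads the keys from the
                // environment variables set above.
                sh 'terraform init -input=false'
            }
        }
        stage('Plan') {
            steps {
                sh 'terraform plan -input=false -out=tfplan'
            }
        }
    }

    post {
        always {
            // A saved plan file can contain sensitive values; remove it
            // from the workspace when the build finishes.
            sh 'rm -f tfplan'
        }
    }
}
```

With this layout the keys live only in the Jenkins credential store and in the environment of the running build, so no `access_key` or `secret_key` arguments are needed in the Terraform provider block.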

