Prefer modern authentication

hashicorp/terraform

Based on 5 comments

Other

Always use modern identity-based authentication methods instead of static credentials when accessing external systems. This reduces security risks associated with credential management, rotation, and potential exposure.

Security Other

Reviewer Prompt

For Azure resources, prefer authentication methods in this order:

OpenID Connect / Workload identity federation (recommended)
Managed Identities
Azure Active Directory
Access Keys/SAS Tokens (avoid for new workloads)

# Example - Using OpenID Connect for Azure authentication
terraform {
  backend "azurerm" {
    use_oidc             = true                                    # Enable OIDC authentication
    use_azuread_auth     = true                                    # Use Azure AD authentication
    tenant_id            = "00000000-0000-0000-0000-000000000000"  # Can be set via ARM_TENANT_ID
    client_id            = "00000000-0000-0000-0000-000000000000"  # Can be set via ARM_CLIENT_ID
    storage_account_name = "abcd1234"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}

When executing commands or generating credentials:

Avoid using Terraform variables directly in command strings to prevent shell injection vulnerabilities
Use the environment parameter for variable substitution
Configure credential generation parameters to ensure both security and compatibility:

# Generate a secure password with compatible special characters
ephemeral "random_password" "db_password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

Comments Analyzed

Other

Primary Language

Security

Prefer modern authentication

Reviewer Prompt

Source Discussions

Add Repository

Private Repository