Provider configurations are required for Terraform runs to execute, but you decide where configurations are actually stored. Scalr.io provides the ability to store encrypted Provider Configurations and will automatically pass them to runs. Some business requirements, like a Business Associate Agreement (BAA), require that the configurations are not stored with a SaaS vendor and Scalr can accommodate this as well.
For businesses who must store the configurations outside of Scalr, you have the option of using the Self Hosted Agent Pools, which provides flexibility in where the configurations are stored. Agents are placed in the network of your choice and scalr.io will never have a connection to the agent, the agent only pulls information from scalr.io and executes Terraform runs accordingly. Because provider configurations just need to be passed to the Terraform runs as shell variables, this gives you flexibility on how the configurations are actually supplied:
- Using automation to set it as an OS variable on the agent server.
- Pulled from a vault at the time of run execution with custom hooks.
- Inherited from the instance profile of the server that the agent is hosted on.
Any of these methods ensure that scalr.io never has access to your configurations and it is solely managed within your network.
Updated 2 months ago