» Data Security

Terraform Cloud takes the security of the data it manages seriously. This table lists which parts of the Terraform Cloud and Terraform Enterprise app can contain sensitive data, what storage is used, and what encryption is used.

» Terraform Cloud and Enterprise

Object Storage Encrypted
Ingressed VCS Data Blob Storage Vault Transit Encryption
Terraform Plan Result Blob Storage Vault Transit Encryption
Terraform State Blob Storage Vault Transit Encryption
Terraform Logs Blob Storage Vault Transit Encryption
Terraform/Environment Variables PostgreSQL Vault Transit Encryption
Organization/Workspace/Team Settings PostgreSQL No
Account Password PostgreSQL bcrypt
2FA Recovery Codes PostgreSQL Vault Transit Encryption
SSH Keys PostgreSQL Vault Transit Encryption
User/Team/Organization Tokens PostgreSQL HMAC SHA512
OAuth Client ID + Secret PostgreSQL Vault Transit Encryption
OAuth User Tokens PostgreSQL Vault Transit Encryption

» Terraform Enterprise Specific

Object Storage Encrypted
Twilio Account Configuration PostgreSQL Vault Transit Encryption
SMTP Configuration PostgreSQL Vault Transit Encryption
SAML Configuration PostgreSQL Vault Transit Encryption
Vault Unseal Key PostgreSQL ChaCha20+Poly1305

» Vault Transit Encryption

The Vault Transit Secret Engine handles encryption for data in-transit and is used when encrypting data from the application to persistent storage.