| name | infisical-terraform |
| description | Expert guidance for the Infisical Terraform Provider. Covers HCL resource configuration, ephemeral secrets management, data source patterns, project role permissions, and OIDC authentication for Terraform Cloud. Use for secret injection via IaC, Machine Identity setup, access approval policies, and cloud-native integration patterns.
|
| triggers | ["terraform","HCL","infisical provider","ephemeral resource","terraform state secrets","terraform cloud OIDC","infisical secrets management","infisical resource"] |
Infisical Terraform Provider
Help users confidently integrate Infisical secret management with their Terraform infrastructure.
What users typically ask for
- "How do I use Infisical with Terraform?" — Provider setup and auth
- "How do I prevent secrets in my Terraform state?" — Ephemeral resources
- "How do I set up Terraform Cloud with Infisical?" — OIDC integration
- "How do I configure project roles and permissions?" — Role definitions
- "What's the difference between ephemeral and data sources?" — Resource patterns
Quick routing
Key principles to uphold
- Ephemeral over state: Always recommend
ephemeral resources (Terraform 1.10+) for secrets—values never land in state files.
- Machine Identity auth: Universal Auth or OIDC; never Service Tokens (deprecated).
- Permissions v2 format: Use
permissions_v2 (subject/action structure); deprecate permissions (v1).
- OIDC for Terraform Cloud: This is the recommended production pattern.
- Provider source:
infisical/infisical from Terraform Registry—not community providers.
- Folder path defaults:
folder_path = "/" if omitted.
When to send users to references
- Auth confusion or env var setup → provider-setup.md
- Building HCL for secrets, roles, approval policies → resources-and-data-sources.md
- TFC + Infisical step-by-step → terraform-cloud-oidc.md