Cloud Provider Credentials

Cloud Provider Credentials store the authentication details Terraform uses to provision infrastructure on AWS, Azure, or GCP.

• Click 'Cloud Provider Credentials' in the left sidebar

1. 1

   Amazon Web Services (AWS)

   • Required fields:
   • Access Key ID
   • Secret Access Key
   • Region (default region for operations)
   • Optional:
   • Session Token (for temporary credentials)
   • IAM Role ARN (for cross-account access)
2. 2

   Microsoft Azure

   • Required fields:
   • Subscription ID
   • Tenant ID
   • Client ID (Application ID)
   • Client Secret
   • Optional:
   • Resource Group (default)
3. 3

   Google Cloud Platform (GCP)

   • Required fields:
   • Project ID
   • Service Account Key JSON (file content or path)
   • Optional:
   • Region and Zone defaults

1. 1

   Click 'Add Credentials'
2. 2

   Select the cloud provider
3. 3

   Enter a descriptive name (e.g., 'AWS Prod US-East')
4. 4

   Fill in the required authentication fields
5. 5

   Click 'Save'

• All credentials are encrypted at rest
• Credentials are never displayed in plain text after saving
• Only users with the appropriate permission can view or use credentials
• Credentials are injected into VS Containers as environment variables at runtime

• Create separate credentials for each environment (Dev, Staging, Prod)
• Use IAM roles with minimum required permissions (principle of least privilege)
• Rotate credentials regularly
• Never share credentials through chat or email — use the Credentials system

• Cloud provider credentials are associated with projects during project creation or in project settings
• The assigned credentials are used when running Terraform operations in that project's workspaces