Terraform Integration

Wrap terraform apply with a SilentAuth approval gate to ensure a human reviews the plan output before any cloud infrastructure changes are applied.

Using the CLI Wrapper

Install the SilentAuth CLI and use sa run to gate any command:

# Install CLI
npm install -g @silentauth/cli

# Gate terraform apply
SA_PROJECT_ID=proj_xxx SA_SECRET_KEY=sk_live_xxx \
  sa run \
    --action apply_production_infra \
    --approvers ops-team \
    --timeout 30m \
    -- terraform apply -auto-approve tfplan

Script-Based Integration

For full control, use the SDK in a deployment script:

#!/usr/bin/env node
import { SilentAuth } from '@silentauth/sdk';
import { execSync } from 'child_process';
import { readFileSync } from 'fs';

const sa = new SilentAuth({
  projectId: process.env.SA_PROJECT_ID,
  secretKey:  process.env.SA_SECRET_KEY,
});

// Generate plan and capture output
execSync('terraform plan -out=tfplan');
const planOutput = execSync('terraform show -no-color tfplan').toString();

// Request approval with plan details
const intent = await sa.createIntent({
  action: 'apply_production_infra',
  params: { planSummary: planOutput.slice(0, 2000) },
  approvers: ['infra-team'],
  expiresIn: 1800,
});

console.log('Waiting for approval:', intent.approvalUrl);

const permit = await intent.waitForApproval({ timeout: 1800_000 });
if (permit.status !== 'approved') {
  console.error('Deployment denied.');
  process.exit(1);
}

sa.validatePermit(permit.token); // throws if invalid
execSync('terraform apply -auto-approve tfplan', { stdio: 'inherit' });

Terraform Cloud / HCP Terraform

Use a Run Task to add SilentAuth approval as a pre-apply check in Terraform Cloud workspaces. Configure the Run Task endpoint in your workspace settings pointing to:

https://api.silentauth.io/v1/terraform/run-task

Set the HMAC key to your project secret key. SilentAuth will receive the plan details, request approver sign-off, and respond to Terraform Cloud with pass/fail.