ServiceNow Terraform plugin updates: No-code execution mode, key-value tags, and enhanced security

This week, we’ve released updates to two of the ServiceNow plugins for Terraform. First, we’ve released version 2.8 of the ServiceNow Service Catalog for Terraform. This update lets users specify an execution mode when provisioning infrastructure using no-code workspaces. This update also includes the ability to submit Terraform workspace tags stored as key-value pairs.

Second, we’ve released version 1.2 of the Service Graph Connector for Terraform. This update introduces a critical security update that switches the app to more advanced encryption standards. It now uses ServiceNow’s native Certificate Encryption API for secure token decryption, ensuring safe and seamless integration between HCP Terraform and the ServiceNow Configuration Management Database (CMDB).

This post will dive into the benefits for each of these enhancements.

»Execution mode specification for no-code workspaces ordered through ServiceNow

Historically, when provisioning a no-code workspace in the ServiceNow Service Catalog users were not able to specify an execution mode. However, with the latest release, we’re thrilled to provide this highly requested feature to our users.

The two execution modes supported are “Remote” and “Agent”:

• The remote execution mode instructs the workspace to use HCP’s platform to perform its run.
• The agent execution mode allows users to specify which agent pool the run should take place on.

These new capabilities make it easier for admins to choose the right execution environment based on their specific needs and infrastructure constraints, providing an optimized workflow for provisioning no-code workspaces.

You can choose between the two execution modes on the “Provision No-Code Workspace and Deploy Resources” catalog item:

»Store Terraform workspace tags as key-value pairs

The new ServiceNow Service Catalog for Terraform release also adds support for key-value pair tags. This change is part of a broader strategy to bring the Terraform Catalog closer to the capabilities of the HCP platform.

With the growing adoption of self-serve provisioning using Terraform via ServiceNow, the ability to effectively manage and group workspaces using tags has become a vital feature. Tags provide admins with contextual awareness, making it easier to organize and track workspaces. In previous versions, the ServiceNow Terraform integration supported tags in a flat-string list format, which provided a basic way to categorize workspaces.

This update allows for more granular and meaningful categorization of workspaces, offering the ability to associate additional metadata with each workspace. By adopting this new key-value pair format, administrators can manage and track workspaces in HCP Terraform with greater flexibility and precision.

The update will not only impact the backend, where the “Create Workspace” request body will be updated to include tag-bindings in the relationships attribute, but also the frontend, where users will interact with the catalog items and use the “Workspace Tags” field to enter the tags in the format “env: prod, instance: test”.

“Create Workspace”, “Update Workspace”, and “Provision Resources” are the key catalog item forms that have been updated to accept both flat string tags and key-value pair tags in a single line text box. The key-value format is expected to become the standard over time, so application users are encouraged to transition to it.

»Enhanced security in the Service Graph Connector for Terraform

With the ServiceNow Service Graph Connector for Terraform, you can automatically import resources from HCP Terraform (or Terraform Enterprise) into the ServiceNow CMDB. It gives you a centralized view of your organization’s Terraform resources so you can manage them alongside the rest of your IT infrastructure.

We’re excited to announce the release of version 1.2 of the Service Graph Connector for Terraform, which contains an important security update recommended by ServiceNow and aligned with the National Institute of Standards and Technology (NIST) guidelines. This upgrade includes the adoption of advanced encryption standards, providing a secure connection between HCP Terraform and ServiceNow.

Previously, the app utilized a mechanism that decrypted the HMAC tokens included in the webhook notification requests sent by HCP Terraform after a successful Terraform run. With this update, the app now leverages the ServiceNow native Certificate Encryption API to process the tokens. This enhancement ensures secure access to the request body, facilitating the import of Terraform resources into the ServiceNow CMDB.

With version 1.2, you can confidently import Terraform resources into the ServiceNow CMDB, knowing your data and connections are protected by the latest security enhancements.

»Learn more about ServiceNow integrations for HCP Terraform

For more details about Terraform provisioning with ServiceNow, please review the Service Catalog for Terraform documentation. To learn about importing Terraform resources into your ServiceNow instance, visit the Service Graph Connector for Terraform documentation.

Additional resources for your integration journey include:

• Install the Terraform app from the ServiceNow Store
• Install the Service Graph Connector for Terraform from the ServiceNow Store
• Learn how to use HCP Terraform no-code modules in the ServiceNow Service Catalog with this hands-on tutorial