Course · Training · Workshop

Git for IaC

Master Git workflows for Infrastructure as Code — PR-first, GitOps, policy as code, secure secrets, and scalable team collaboration.

Infrastructure as Code revolutionizes how we manage infrastructure. Git forms the foundation for successful IaC implementations. In this intensive training, you’ll learn to use Git optimally for infrastructure projects — from basic configuration to sophisticated, **PR-first** workflows for large teams. We align **GitOps principles**, **policy as code**, **remote state & locking**, **drift detection**, and **secrets management** (e.g., SOPS/Vault) to make your infrastructure development collaborative, versioned, auditable, and production-safe.

What participants say

The course was well structured and you could tell that our tutor has been working with GIT for a long time. He knew many tricks and was able to answer all questions. The course is highly recommended for participants who already have some basic knowledge of GIT and would like to deepen it. It is very helpful if you at least know the basics of GIT
Andras Andras
Client Support

These customers booked courses in the same topic cluster.More customers →

Content

Welcome to our comprehensive training on Git in the context of Infrastructure as Code. This course targets Infrastructure Engineers, DevOps/Platform teams, SREs, and system administrators who want to professionalize, scale, and secure their IaC workflows.

Git is the backbone of IaC: pull-request change gates, mandatory reviews, automatic plans, policy checks, and controlled environment promotion. This training blends concepts with hands-on practice to help you run Git workflows reliably for infrastructure projects.

You will master:

Intro to IaC & Git

  • IaC principles; push vs. pull; GitOps foundations (Argo CD/Flux)
  • Git for Terraform, Ansible, Kubernetes
  • Repo strategies: monorepo vs. polyrepo; trunk-based vs. GitFlow for IaC

Version Control for Infra

  • Dependency & module versioning (SemVer, registry, tags)

Git Fundamentals & Setup

  • Installation; global/project configs; commit signing (GPG/SSH)
  • Conventions: Conventional Commits with scopes (env/module/provider)

SSH Keys & Remotes

  • Key generation/rotation; multi-key tenancy; secure remotes
  • Upstream/downstream patterns; forks; mirrors (DR)

.gitignore for IaC

  • Ignore patterns for Terraform/Ansible/K8s; handling state artifacts
  • Templates for common IaC tools

History & Diffs

  • Using git log, git diff, git blame for audit & compliance
  • Visualizing infra evolution (plans, graphs, diffs)

Branching Strategies

  • Environment branches, trunk-based IaC, hotfix flows
  • Release branches and promotion via tags/releases

Merge/Rebase & Conflict Resolution

  • Merge strategies for HCL/YAML; clean history via rebase
  • Conflict resolution patterns for IaC files

Code Reviews & Governance

  • PR/MR flows with automatic terraform plan (Atlantis/CI)
  • CODEOWNERS, required approvals, branch protection
  • Security & compliance checks (tflint, tfsec/Checkov, Conftest/OPA)
  • Review templates (risk/impact/rollback), change windows

Remote State, Workspaces & Drift

  • Backends (S3+DynamoDB/Azure/GCS), locking, tenancy isolation
  • Workspaces/stacks; scheduled drift plans; auto-PRs; notifications

Releases, Promotion & Automation

  • Git tags & SemVer; changelogs (Conventional Commits, release-please)
  • CI/CD pipelines (Actions/GitLab CI): fmt/validate/lint/scan/plan/apply
  • ChatOps (/plan//apply) and comment-driven pipelines

Secrets & Credentials

  • SOPS + age, Vault, External Secrets Operator (K8s)
  • Short-lived cloud credentials (OIDC), least privilege
  • Secret masking in CI, preventing leaks (pre-commit)

Hands-on Labs

  • Terraform repo layout + remote state & locking
  • PR workflow with CI gates + plan comments
  • CODEOWNERS + required checks; policy violation blocked
  • Module release & environment promotion (dev→stage→prod)
  • SOPS secrets in CI; rotation; drift detection with auto-PR

Tooling & Integration

  • VS Code, Git CLI/GUI; Terragrunt; Atlantis/Spacelift/Env0
  • Argo CD/Flux; Kustomize/Helm; pre-commit hooks (fmt/validate/tflint/tfsec/yamllint/kubeconform)

This course prepares you to operate PR-first GitOps workflows with policy gates, secure secrets, and robust remote state in real IaC projects.

The actual course content may differ from the above depending on the trainer, delivery, duration and the composition of participants.

Request this course in-house

Request a public date

No suitable public date? Register without obligation — once there is enough interest we schedule a new public date and let you know first.

Number of participants (approx.)

More than 3 participants? Best to request a dedicated in-house date directly.

More about Git for Infrastructure as Code

Git is the de facto version control system for IaC. In **PR-first** workflows, changes are gated via **merge requests** with **automatic plans**, **policy-as-code checks**, and **mandatory reviews**. **Remote state & locking** prevent race conditions, **drift detection** exposes configuration drift, **SemVer** + **changelogs** stabilize module releases, and **SOPS/Vault** keep secrets safe.

Further Resources:

History and Development

As IaC matured, Git evolved from source VC into **infrastructure change control**: PR gates, automated plans and policies as guardrails, secure secrets, and reproducible releases. Today, **GitOps approaches** combined with Terraform, Argo CD/Flux, and policy engines underpin scalable, auditable infrastructure delivery.