Talk to an Instructor:
Jonas Felix
Git for IaC
Course & Training
Master Git workflows for Infrastructure as Code — PR-first, GitOps, policy as code, secure secrets, and scalable team collaboration.
Infrastructure as Code revolutionizes how we manage infrastructure. Git forms the foundation for successful IaC implementations. In this intensive training, you’ll learn to use Git optimally for infrastructure projects — from basic configuration to sophisticated, **PR-first** workflows for large teams. We align **GitOps principles**, **policy as code**, **remote state & locking**, **drift detection**, and **secrets management** (e.g., SOPS/Vault) to make your infrastructure development collaborative, versioned, auditable, and production-safe.
In-House Course:
We are happy to conduct tailored courses for your team - on-site, remotely or in our course rooms.
Content:
Welcome to our comprehensive training on Git in the context of Infrastructure as Code. This course targets Infrastructure Engineers, DevOps/Platform teams, SREs, and system administrators who want to professionalize, scale, and secure their IaC workflows.
Git is the backbone of IaC: **pull-request change gates**, **mandatory reviews**, **automatic plans**, **policy checks**, and **controlled environment promotion**. This training blends concepts with hands-on practice to help you run Git workflows reliably for infrastructure projects.
You will master:
– **Intro to IaC & Git**
... - IaC principles; push vs. pull; GitOps foundations (Argo CD/Flux)
... - Git for Terraform, Ansible, Kubernetes
... - Repo strategies: monorepo vs. polyrepo; trunk-based vs. GitFlow for IaC
– **Version Control for Infra**
... - Dependency & module versioning (SemVer, registry, tags)
– **Git Fundamentals & Setup**
... - Installation; global/project configs; commit signing (GPG/SSH)
... - Conventions: Conventional Commits with scopes (env/module/provider)
– **SSH Keys & Remotes**
... - Key generation/rotation; multi-key tenancy; secure remotes
... - Upstream/downstream patterns; forks; mirrors (DR)
– **.gitignore for IaC**
... - Ignore patterns for Terraform/Ansible/K8s; handling state artifacts
... - Templates for common IaC tools
– **History & Diffs**
... - Using `git log`, `git diff`, `git blame` for audit & compliance
... - Visualizing infra evolution (plans, graphs, diffs)
– **Branching Strategies**
... - Environment branches, trunk-based IaC, hotfix flows
... - Release branches and promotion via tags/releases
– **Merge/Rebase & Conflict Resolution**
... - Merge strategies for HCL/YAML; clean history via rebase
... - Conflict resolution patterns for IaC files
– **Code Reviews & Governance**
... - PR/MR flows with automatic `terraform plan` (Atlantis/CI)
... - **CODEOWNERS**, required approvals, branch protection
... - **Security & compliance checks** (tflint, tfsec/Checkov, Conftest/OPA)
... - Review templates (risk/impact/rollback), change windows
– **Remote State, Workspaces & Drift**
... - Backends (S3+DynamoDB/Azure/GCS), locking, tenancy isolation
... - Workspaces/stacks; scheduled drift plans; auto-PRs; notifications
– **Releases, Promotion & Automation**
... - Git tags & SemVer; changelogs (Conventional Commits, release-please)
... - CI/CD pipelines (Actions/GitLab CI): fmt/validate/lint/scan/plan/apply
... - ChatOps (`/plan`/`/apply`) and comment-driven pipelines
– **Secrets & Credentials**
... - **SOPS + age**, **Vault**, External Secrets Operator (K8s)
... - Short-lived cloud credentials (OIDC), least privilege
... - Secret masking in CI, preventing leaks (pre-commit)
– **Hands-on Labs**
... - Terraform repo layout + remote state & locking
... - PR workflow with CI gates + plan comments
... - CODEOWNERS + required checks; policy violation blocked
... - Module release & environment promotion (dev→stage→prod)
... - SOPS secrets in CI; rotation; drift detection with auto-PR
– **Tooling & Integration**
... - VS Code, Git CLI/GUI; Terragrunt; Atlantis/Spacelift/Env0
... - Argo CD/Flux; Kustomize/Helm; pre-commit hooks (fmt/validate/tflint/tfsec/yamllint/kubeconform)
This course prepares you to operate **PR-first GitOps workflows** with **policy gates**, **secure secrets**, and **robust remote state** in real IaC projects.
Disclaimer: The actual course content may vary from the above, depending on the trainer, implementation, duration and constellation of participants.
Whether we call it training, course, workshop or seminar, we want to pick up participants at their point and equip them with the necessary practical knowledge so that they can apply the technology directly after the training and deepen it independently.
Goal:
After the course, participants can run **PR-first GitOps workflows** for IaC with **remote state & locking**, **policy-as-code gates** (tflint, tfsec/Checkov, Conftest/OPA), **CODEOWNERS & branch protection**, **secure secrets management** (SOPS/Vault), and **environment promotion** (dev→stage→prod).
Form:
Proven mix of explanations, live demos, and **hands-on labs** in a prepared environment. We work PR-first with **CI/CD gates, policy as code, remote state & drift detection** — realistic scenarios, not slides.
Target Audience:
Infrastructure/Platform engineers, DevOps engineers, SREs, system administrators, and cloud architects who want to build or professionalize Git-based IaC workflows with governance, security, and automation.
Requirements:
Comfortable with the command line; basic IaC knowledge (e.g., Terraform/Ansible/Kubernetes) and some Git experience. Helpful: basic CI/CD, YAML, and cloud principals (IAM).
Preparation:
After registration: questionnaire & setup guide. We provide a lab with **Git, Terraform, tflint, tfsec/Checkov, Conftest/OPA, SOPS + age**, plus CI templates. Optional: bring your own cloud test account.
Request In-House Course:
In-House Kurs Anfragen
Waitinglist for public course:
Sign up for the waiting list for more public course dates. Once we have enough people on the waiting list, we will determine a date that suits everyone as much as possible and schedule a new session. If you want to participate directly with two colleagues, we can even plan a public course specifically for you.
Waiting List Request
More about Git for Infrastructure as Code
Git is the de facto version control system for IaC. In **PR-first** workflows, changes are gated via **merge requests** with **automatic plans**, **policy-as-code checks**, and **mandatory reviews**. **Remote state & locking** prevent race conditions, **drift detection** exposes configuration drift, **SemVer** + **changelogs** stabilize module releases, and **SOPS/Vault** keep secrets safe.
Further Resources:
- Official Git Documentation
- Atlassian Git Tutorials
- Git Flow Workflow
- Conventional Commits
- Semantic Versioning
- Terraform Remote State
History and Development
As IaC matured, Git evolved from source VC into **infrastructure change control**: PR gates, automated plans and policies as guardrails, secure secrets, and reproducible releases. Today, **GitOps approaches** combined with Terraform, Argo CD/Flux, and policy engines underpin scalable, auditable infrastructure delivery.
