The Terraform codebase is automated by our Jenkins server. Our entire infrastructure is provisioned by Terraform, and any contributor is free to create a pull request that, if approved, will result in more infrastructure being provisioned. Jenkins builds are manually triggered.
All compute instances are Salt Minions and are managed by a single Salt Master instance, which determines installed packages, configuration, provisioned SSH keys, and more. Salt state can be managed right here from our GitHub repo. Contributors are free to create pull requests that modify the state of our compute instances. Once approved, a team member with access to the Salt Master server must apply the new state.
Minion keys are autogenerated by the Terraform scripts and are added to the Salt Master when created. Secrets are managed by Jenkins. All public-facing services are bound to private interfaces behind Apache proxies. All SSL keys are generated by Let's Encrypt. We employ security fundamentals, as well as some advanced techniques.
Infrastructure can be provisioned and configured by repo contributors. This repo is integrated with Jenkins, which means resources will be automatically propagated and state will be applied any time pull requests are merged. This is a unique project in that it opens up full DevOps capabilities to our community.