Since Terraform 0.8 it has a built-in support for Vault, a secrets management tool from HashiCorp. It's also a big tool, deserving a book of its own. And it's a great solution in order to solve the sensitive data storage problem for Terraform. Consider learning it and using it.

In Chapter 7, Collaborative Infrastructure, we did not go too deep into details of modern software development workflow. The basics we discussed--code reviews, working through pull requests--are just this: basics. There is a number of well-documented workflows that cover many different situations:

All of them are based on Git though you can achieve similar results with other distributed VCS as well (Mercurial, for example). It doesn't matter much which one you pick in the end and if you follow the chosen one exactly the way it is described. It is important to have a process in place and as long as you have one, it's already better than Wild West of force pushing to master.

On the continuous integration side of things it is also important to get to know the whole concept a bit better. There are number of books and videos from ThoughtWorks, who also popularized the whole CI/CD idea. You can find them at https://www.thoughtworks.com/continuous-integration.

If you don't want to use GitLab CI, you don't have to (of course). If you seek the same functionality and ease of use for GitHub, then consider one of many SaaS tools out there: Travis CI, Circle CI, Drone, and others. If you would like to keep your infrastructure pipelines internal, then you can use many hosted tools, including Jenkins, which has a great pipelines support: 

Again, in the end, it does not really matter which CI tool you pick, but it is important that you use one for your infrastructure operations as well.