@hackage terraform-http-backend-pass0.1.0.0

HTTP backend to store terraform state using pass and git

Terraform HTTP Backend Pass

Catchy name! What does it do?

According to terraform docs:

Each Terraform configuration can specify a backend, which defines where and how operations are performed, where state snapshots are stored, etc.

There are a few backends which terraform provides, none of which are very customizable. The http backend, however, provides a way to define where (and how) state snapshots are stored. It additionally allows for a locking the state while some operation is being perfomed.

This project aims to provide a backend to store the terraform state in a git repository. As the state can contain sensitive information, it should be encrypted before storing, for which pass is used.

How to use

  1. Install the backend in one of these ways:
    • Using Stack:
      stack install terraform-http-backend-pass
      
    • Using Cabal:
      cabal install terraform-http-backend-pass
      
    • Using nix:
      nix-env -f https://git.coop/akshay/terraform-http-backend-pass/-/archive/main/terraform-http-backend-pass-main.tar.gz -i
      
  2. Create a pass repository:
    export PASSWORD_STORE_DIR=/desired/path/to/store
    pass init <gpg-keys>
    pass git init
    
  3. Push the repository somewhere, set push upstream:
    export PASSWORD_STORE_DIR=/desired/path/to/store
    pass git remote add origin <remote-url>
    pass git push -u origin master
    
  4. Start the backend:
    terraform-http-backend-pass --repositoryPath /desired/path/to/store --port 8888 
    
  5. Setup terraform with backend information:
    terraform {
      backend "http" {
        # Or, something else if the server is not running on localhost
        address = "http://localhost:8888"
      }
    }
    
    The address can also be specified dynamically using the -backend-config option while running terraform init
  6. Use terraform as usual:
    terraform init
    terraform apply