Terraform
consul
Stores the state in the Consul KV store at a given path.
This backend supports state locking.
Example Configuration
terraform {
backend "consul" {
address = "consul.example.com"
scheme = "https"
path = "full/path"
}
}
Note that for the access credentials we recommend using a partial configuration.
Data Source Configuration
data "terraform_remote_state" "foo" {
backend = "consul"
config = {
path = "full/path"
}
}
Configuration Variables
Warning: We recommend using environment variables to supply credentials and other sensitive data. If you use -backend-config
or hardcode these values directly in your configuration, Terraform will include these values in both the .terraform
subdirectory and in plan files. Refer to Credentials and Sensitive Data for details.
The following configuration options / environment variables are supported:
path
- (Required) Path in the Consul KV storeaccess_token
/CONSUL_HTTP_TOKEN
- (Required) Access tokenaddress
/CONSUL_HTTP_ADDR
- (Optional) DNS name and port of your Consul endpoint specified in the formatdnsname:port
. Defaults to the local agent HTTP listener.scheme
- (Optional) Specifies what protocol to use when talking to the givenaddress
, eitherhttp
orhttps
. SSL support can also be triggered by setting then environment variableCONSUL_HTTP_SSL
totrue
.datacenter
- (Optional) The datacenter to use. Defaults to that of the agent.http_auth
/CONSUL_HTTP_AUTH
- (Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of eitheruser
oruser:pass
.gzip
- (Optional)true
to compress the state data using gzip, orfalse
(the default) to leave it uncompressed.lock
- (Optional)false
to disable locking. This defaults to true, but will require session permissions with Consul and at least kv write permissions on$path/.lock
to perform locking.ca_file
/CONSUL_CACERT
- (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.cert_file
/CONSUL_CLIENT_CERT
- (Optional) A path to a PEM-encoded certificate provided to the remote agent; requires use ofkey_file
.key_file
/CONSUL_CLIENT_KEY
- (Optional) A path to a PEM-encoded private key, required ifcert_file
is specified.