Let's Get Started With Terraform Cloud Private Registry

Let's Get Started With Terraform Cloud Private Registry

Store your terraform files in terraform cloud private registry

Many organisations create their custom terraform modules, providers or sentinel policies which they want to keep private ☠️. So instead of using public terraform registry registry.terraform.io , they use a private registry.

The Terraform Cloud Private Registry offers organizations a secure and exclusive space to store these files. This private registry allows organizations to keep their sensitive resources safe and secure 🔐, without the risk of them being publicly accessible.

Free account of Terrform cloud

Before getting started make sure you have a terraform cloud account. If you don't have you can create your free account from here https://app.terraform.io/public/signup/account 🚀.

After creating an account you will be asked to create organization 🏢 in terraform cloud.

After creating the organization you will see the UI something like this. In the left side panel, you can see Registry tab.

Preparing a Module Repository

In the private registry, your chosen Version Control System (VCS) integration takes care of most tasks, with your VCS provider managing new version releases. The only manual duties involve adding new modules and removing module versions.

Here we will be using the GitHub repo as VCS from where terraform cloud will get the modules. I have pushed my aks terraform code on GitHub which looks something like this.

To add a module repository to the registry, ensure the following requirements are met:

  1. Location and permissions: The repository must reside in a configured VCS provider, with Terraform Cloud's VCS user account has admin access. GitLab repositories should be in the main organization or group, not in subgroups.

  2. Naming convention: Module repositories must use the format terraform-<PROVIDER>-<NAME>, where <PROVIDER> is the lowercase main provider name and <NAME> reflects the managed infrastructure type. Additional hyphens are allowed in the <NAME> segment.

  3. Standard module structure: The module must adhere to the standard module structure for proper inspection, documentation generation, and resource usage tracking.

  4. Release tags: At least one release tag in the x.y.z format must be present for module publishing. Tag names should be semantic versions, optionally prefixed with 'v'. Non-version-like tags are ignored by the registry.

Publishing module through UI

To publish modules, you have two options: through the UI or using the Registry Modules API. However, the API allows publishing modules without a VCS repo, which is not possible in the UI.

  1. Click on "Registry" to access the Registry page.

  2. Select "Publish" and choose "Module" from the options.

  3. The "Add Module" page will appear, displaying a list of available repositories.

  4. Choose the repository that contains the module you wish to publish. In our case it is Github. If you have another VCS you can choose that. Here is the list of supported VCS https://developer.hashicorp.com/terraform/cloud-docs/vcs#supported-vcs-providers

  5. You can use the filter field to search for repositories by typing part or all of the repository names. Keep in mind that VCS providers use the format <NAMESPACE>/<REPO NAME> to locate repositories. Most providers use the organization name as the namespace, but Bitbucket Server (not Bitbucket Cloud) uses project keys such as INFRA.

  6. Optionally, if the module is a no-code ready module, select the "Add Module to no-code provision allowlist" checkbox.

    Note: No-code provisioning is a feature available in Terraform Cloud Plus Edition.

  7. Click on "Publish module."

  8. Terraform Cloud will display a loading page while importing the module versions. Once completed, it will redirect you to the details page of the newly published module. On this page, you can view available versions, access documentation, and copy a usage example.

Now, you can explore the usage option and use this module. It will show inputs, outputs, dependencies, resources, versions and details all in a single place. This is pretty cool. 😎

Releasing New Versions of a Module

To release a new version of a module, push a new release tag to its VCS repository. The registry automatically imports the new version. ❤️‍🔥

That's all for today. 🙏 . I hope this blog is helpful to you. If you want me to write a blog on any particular topic then you can share the topic with me on any socials. You can follow me on

Did you find this article valuable?

Support DevOps Talks by becoming a sponsor. Any amount is appreciated!