Let's Get Started With Terraform Cloud Private Registry
Store your terraform files in terraform cloud private registry
Many organisations create their own custom Terraform modules, providers or Sentinel policies which they want to keep private ☠️. So instead of using the public Terraform registry, registry.terraform.io, they use a private registry.
The Terraform Cloud Private Registry offers organizations a secure and exclusive space to store these files. This private registry allows organizations to keep their sensitive resources safe and secure 🔐, without the risk of them being publicly accessible.
Free account of Terraform Cloud
Before getting started, make sure you have a Terraform Cloud account. If you don't have one, you can create your free account here: https://app.terraform.io/public/signup/account 🚀.
After creating an account, you will be asked to create an organization 🏢 in Terraform Cloud.
After creating the organization, you will see a UI something like this. In the left side panel, you can see the Registry tab.
Preparing a Module Repository
In the private registry, your chosen Version Control System (VCS) integration takes care of most tasks, with your VCS provider managing new version releases. The only manual duties involve adding new modules and removing module versions.
Here we will be using a GitHub repo as the VCS from which Terraform Cloud will get the modules. I have pushed my AKS Terraform code to GitHub, which looks something like this.
To add a module repository to the registry, ensure the following requirements are met:
Location and permissions: The repository must reside in a configured VCS provider, and Terraform Cloud's VCS user account must have admin access to it. GitLab repositories should be in the main organization or group, not in subgroups.
Naming convention: Module repositories must use the format terraform-<PROVIDER>-<NAME>, where <PROVIDER> is the lowercase main provider name and <NAME> reflects the managed infrastructure type. Additional hyphens are allowed in the <NAME> segment.
Standard module structure: The module must adhere to the standard module structure for proper inspection, documentation generation, and resource usage tracking.
Release tags: At least one release tag in the x.y.z format must be present for module publishing. Tag names should be semantic versions, optionally prefixed with 'v'. Non-version-like tags are ignored by the registry.
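A pre-publish check for the naming convention and release tag requirements above. This is an added example, not code from the original post or from HashiCorp. The function names, the character classes in the regular expressions and the sample repository and tags are assumptions made for illustration.

```python
import re

# Assumed character classes: the page gives only the shape terraform-<PROVIDER>-<NAME>,
# a lowercase provider, and that extra hyphens are allowed in <NAME>.
REPO_RE = re.compile(r"^terraform-(?P<provider>[a-z0-9]+)-(?P<name>[A-Za-z0-9][A-Za-z0-9_-]*)$")
# x.y.z with an optional leading "v"; pre-release suffixes are outside this check.
TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_repo_name(repo):
    """Return (provider, name) for '<NAMESPACE>/<REPO NAME>' or a bare repo name, else None."""
    match = REPO_RE.match(repo.rsplit("/", 1)[-1])
    return (match["provider"], match["name"]) if match else None


def release_versions(tags):
    """Split tags into numerically sorted x.y.z versions and tags that are not x.y.z."""
    versions, ignored = set(), []
    for tag in tags:
        match = TAG_RE.match(tag)
        if match:
            versions.add(tuple(int(part) for part in match.groups()))
        else:
            ignored.append(tag)
    return [".".join(map(str, v)) for v in sorted(versions)], ignored


def check_module_repo(repo, tags):
    """Collect every naming or tagging problem instead of stopping at the first one."""
    problems = []
    module = parse_repo_name(repo)
    if module is None:
        problems.append(f"{repo!r} does not match terraform-<PROVIDER>-<NAME>")
    versions, ignored = release_versions(tags)
    if not versions:
        problems.append("no x.y.z release tag found, nothing to publish")
    return {"module": module, "versions": versions, "ignored_tags": ignored, "problems": problems}


if __name__ == "__main__":
    # Constructed sample: repository name and tags are made up for illustration.
    sample_tags = ["v1.0.0", "1.2.0", "v1.10.0", "latest", "v1.2"]
    print(check_module_repo("example-org/terraform-azurerm-aks", sample_tags))
    print(check_module_repo("example-org/aks-module", ["latest"]))
```

Feeding it the output of `git tag` before requesting a publish shows which tags would become module versions and which would be skipped.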
Publishing module through UI
To publish modules, you have two options: through the UI or using the Registry Modules API. However, the API allows publishing modules without a VCS repo, which is not possible in the UI.
Click on "Registry" to access the Registry page.
Select "Publish" and choose "Module" from the options. The "Add Module" page will appear, displaying a list of available repositories.
Choose the repository that contains the module you wish to publish. In our case it is GitHub. If you have another VCS you can choose that. Here is the list of supported VCS providers: https://developer.hashicorp.com/terraform/cloud-docs/vcs#supported-vcs-providers
You can use the filter field to search for repositories by typing part or all of the repository names. Keep in mind that VCS providers use the format <NAMESPACE>/<REPO NAME> to locate repositories. Most providers use the organization name as the namespace, but Bitbucket Server (not Bitbucket Cloud) uses project keys such as INFRA.
Optionally, if the module is a no-code ready module, select the "Add Module to no-code provision allowlist" checkbox. Note: No-code provisioning is a feature available in Terraform Cloud Plus Edition.
Click on "Publish module". Terraform Cloud will display a loading page while importing the module versions. Once completed, it will redirect you to the details page of the newly published module. On this page, you can view available versions, access documentation, and copy a usage example.
Now, you can explore the usage option and use this module. It will show inputs, outputs, dependencies, resources, versions and details all in a single place. This is pretty cool. 😎
Releasing New Versions of a Module
To release a new version of a module, push a new release tag to its VCS repository. The registry automatically imports the new version. ❤️🔥
That's all for today. 🙏 I hope this blog is helpful to you. If you want me to write a blog on any particular topic, you can share the topic with me on any socials. You can follow me on