Reputation: 1669
Terraform for Cloudflare without API Token
I'm trying to deploy Cloudflare resources with terraform. However the terraform provider for Cloudflare requires an API token from Cloudflare. Unfortunately API tokens need to be managed, and rotated occasionally.
So I was wondering is it possible to deploy Cloudflare resources programmatically with Terraform without using Cloudflare API tokens? I've read the docs including https://developers.cloudflare.com/fundamentals/ and https://developers.cloudflare.com/terraform/ so far and I can't find a way.
Does anyone know a way to do this, or a work around to do this perhaps with OIDC, SAML, or OAUTH?
Upvotes: 0
Views: 203
Answers (1)
Reputation: 3044
One of the ways I have found is using Hashicorp Vault as a secrets engine for minting Cloudflare Access service tokens. This Vault plugin allows you to manage Cloudflare tokens.
Upvotes: 0
Related Questions
- Authenticating to Azure Manage Grafana HTTP API (terraform provider) with Azure AD service principal
- Terraform Cloudflare ListZonesContext command failed: Invalid request headers (6003)
- Terraform AWS SAML URL provider details key not available in documentation
- How to avoid referencing KV namespace ID in wrangler.toml?
- Configure "Javascript OpenID Connect Protocol Mapper" (for Keycloak 18) via Terraform
- OIDC identity provider