• Overview
    • Enforce Policy as Code
    • Infrastructure as Code
    • Inject Secrets into Terraform
    • Integrate with Existing Workflows
    • Manage Kubernetes
    • Manage Virtual Machine Images
    • Multi-Cloud Deployment
    • Network Infrastructure Automation
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
  • Registry
  • Tutorials
    • About the Docs
    • Intro to Terraform
    • Configuration Language
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
    • Provider Use
    • Plugin Development
    • Registry Publishing
    • Integration Program
    • Terraform Tools
    • CDK for Terraform
    • Glossary
  • Community
GitHubTerraform Cloud
Download

    Terraform Language

  • Overview
  • Attributes as Blocks - Configuration Language
  • Terraform v1.0 Compatibility Promises
    • Overview
    • Override Files
    • Dependency Lock File
    • Overview
    • Configuration Syntax
    • JSON Configuration Syntax
    • Style Conventions
    • Overview
    • Resource Blocks
    • Resource Behavior
      • depends_on
      • count
      • for_each
      • provider
      • lifecycle
      • Declaring Provisioners
      • Provisioner Connections
      • Provisioners Without a Resource
      • file
      • local-exec
      • remote-exec

      • chef
      • habitat
      • puppet
      • salt-masterless
  • Data Sources
    • count
    • depends_on
    • for_each
    • lifecycle
    • providers
    • provider
    • Overview
    • Provider Configuration
    • Provider Requirements
    • Dependency Lock File
    • Overview
    • Input Variables
    • Output Values
    • Local Values
    • Overview
    • Module Blocks
    • Module Sources
      • providers
      • depends_on
      • count
      • for_each
      • Overview
      • Standard Module Structure
      • Providers Within Modules
      • Best Practices: Module Composition
      • Publishing Modules
      • Refactoring Modules
    • Module Testing Experiment
    • Overview
    • Types and Values
    • Strings and Templates
    • References to Values
    • Operators
    • Function Calls
    • Conditional Expressions
    • For Expressions
    • Splat Expressions
    • Dynamic Blocks
    • Custom Condition Checks
    • Type Constraints
    • Version Constraints
    • Overview
      • abs
      • ceil
      • floor
      • log
      • max
      • min
      • parseint
      • pow
      • signum
      • chomp
      • format
      • formatlist
      • indent
      • join
      • lower
      • regex
      • regexall
      • replace
      • split
      • strrev
      • substr
      • title
      • trim
      • trimprefix
      • trimsuffix
      • trimspace
      • upper
      • alltrue
      • anytrue
      • chunklist
      • coalesce
      • coalescelist
      • compact
      • concat
      • contains
      • distinct
      • element
      • flatten
      • index
      • keys
      • length
      • list
      • lookup
      • map
      • matchkeys
      • merge
      • one
      • range
      • reverse
      • setintersection
      • setproduct
      • setsubtract
      • setunion
      • slice
      • sort
      • sum
      • transpose
      • values
      • zipmap
      • base64decode
      • base64encode
      • base64gzip
      • csvdecode
      • jsondecode
      • jsonencode
      • textdecodebase64
      • textencodebase64
      • urlencode
      • yamldecode
      • yamlencode
      • abspath
      • dirname
      • pathexpand
      • basename
      • file
      • fileexists
      • fileset
      • filebase64
      • templatefile
      • formatdate
      • timeadd
      • timestamp
      • base64sha256
      • base64sha512
      • bcrypt
      • filebase64sha256
      • filebase64sha512
      • filemd5
      • filesha1
      • filesha256
      • filesha512
      • md5
      • rsadecrypt
      • sha1
      • sha256
      • sha512
      • uuid
      • uuidv5
      • cidrhost
      • cidrnetmask
      • cidrsubnet
      • cidrsubnets
      • can
      • defaults
      • nonsensitive
      • sensitive
      • tobool
      • tolist
      • tomap
      • tonumber
      • toset
      • tostring
      • try
      • type
    • abs
    • abspath
    • alltrue
    • anytrue
    • base64decode
    • base64encode
    • base64gzip
    • base64sha256
    • base64sha512
    • basename
    • bcrypt
    • can
    • ceil
    • chomp
    • chunklist
    • cidrhost
    • cidrnetmask
    • cidrsubnet
    • cidrsubnets
    • coalesce
    • coalescelist
    • compact
    • concat
    • contains
    • csvdecode
    • defaults
    • dirname
    • distinct
    • element
    • file
    • filebase64
    • filebase64sha256
    • filebase64sha512
    • fileexists
    • filemd5
    • fileset
    • filesha1
    • filesha256
    • filesha512
    • flatten
    • floor
    • format
    • formatdate
    • formatlist
    • indent
    • index
    • join
    • jsondecode
    • jsonencode
    • keys
    • length
    • list
    • log
    • lookup
    • lower
    • map
    • matchkeys
    • max
    • md5
    • merge
    • min
    • nonsensitive
    • one
    • parseint
    • pathexpand
    • pow
    • range
    • regex
    • regexall
    • replace
    • reverse
    • rsadecrypt
    • sensitive
    • setintersection
    • setproduct
    • setsubtract
    • setunion
    • sha1
    • sha256
    • sha512
    • signum
    • slice
    • sort
    • split
    • strrev
    • substr
    • sum
    • templatefile
    • textdecodebase64
    • textencodebase64
    • timeadd
    • timestamp
    • title
    • tobool
    • tolist
    • tomap
    • tonumber
    • toset
    • tostring
    • transpose
    • trim
    • trimprefix
    • trimspace
    • trimsuffix
    • try
    • type
    • upper
    • urlencode
    • uuid
    • uuidv5
    • values
    • yamldecode
    • yamlencode
    • zipmap
    • Overview
    • Terraform Cloud
      • Backend Configuration
        • local
        • remote
        • artifactory
        • azurerm
        • consul
        • cos
        • etcd
        • etcdv3
        • gcs
        • http
        • Kubernetes
        • manta
        • oss
        • pg
        • s3
        • swift
      • local
      • remote
      • artifactory
      • azurerm
      • consul
      • cos
      • etcd
      • etcdv3
      • gcs
      • http
      • Kubernetes
      • manta
      • oss
      • pg
      • s3
      • swift
    • Overview
    • Purpose
    • The terraform_remote_state Data Source
    • Backends: State Storage and Locking
    • Import Existing Resources
    • Locking
    • Workspaces
    • Remote State
    • Sensitive Data
    • Overview
    • Upgrading to Terraform v1.2
    • Upgrading to Terraform v1.1
    • Upgrading to Terraform v1.0
    • v1.0 Compatibility Promises
    • Upgrading to Terraform v0.15
    • Upgrading to Terraform v0.14
    • Upgrading to Terraform v0.13
    • Upgrading to Terraform v0.12
    • Upgrading to Terraform v0.11
    • Upgrading to Terraform v0.10
    • Upgrading to Terraform v0.9
    • Upgrading to Terraform v0.8
    • Upgrading to Terraform v0.7
    • Overview
    • Load Order and Semantics
    • Configuration Syntax
    • Interpolation Syntax
    • Overrides
    • Resources
    • Data Sources
    • Providers
    • Variables
    • Outputs
    • Local Values
    • Modules
    • Terraform
    • Provisioners
    • Providers
    • Terraform Push (deprecated)
    • Environment Variables

  • Terraform Internals

  • Other Docs

  • Intro to Terraform
  • Configuration Language
  • Terraform CLI
  • Terraform Cloud
  • Terraform Enterprise
  • Provider Use
  • Plugin Development
  • Registry Publishing
  • Integration Program
  • Terraform Tools
  • CDK for Terraform
  • Glossary
Type '/' to Search

»swift

Stores the state as an artifact in Swift.

This backend supports state locking.

Warning! It is highly recommended that you enable Object Versioning by setting the archive_container configuration. This allows for state recovery in the case of accidental deletions and human error.

»Example Configuration

terraform {
  backend "swift" {
    container         = "terraform-state"
    archive_container = "terraform-state-archive"
  }
}
terraform {
  backend "swift" {
    container         = "terraform-state"
    archive_container = "terraform-state-archive"
  }
}

This will create a container called terraform-state and an object within that container called tfstate.tf. It will enable versioning using the terraform-state-archive container to contain the older version.

For the access credentials we recommend using a partial configuration.

»Data Source Configuration

data "terraform_remote_state" "foo" {
  backend = "swift"
  config = {
    container         = "terraform_state"
    archive_container = "terraform_state-archive"
  }
}
data "terraform_remote_state" "foo" {
  backend = "swift"
  config = {
    container         = "terraform_state"
    archive_container = "terraform_state-archive"
  }
}

»Configuration Variables

Warning: We recommend using environment variables to supply credentials and other sensitive data. If you use -backend-config or hardcode these values directly in your configuration, Terraform will include these values in both the .terraform subdirectory and in plan files. Refer to Credentials and Sensitive Data for details.

The following configuration options are supported:

  • auth_url - (Optional) The Identity authentication URL. If omitted, the OS_AUTH_URL environment variable is used.

  • cloud - (Optional; required if auth_url is not specified) An entry in a clouds.yaml file. See the OpenStack os-client-config documentation for more information about clouds.yaml files. If omitted, the OS_CLOUD environment variable is used.

  • region_name - (Optional) - The region in which to store terraform.tfstate. If omitted, the OS_REGION_NAME environment variable is used.

  • container - (Required) The name of the container to create for storing the Terraform state file.

  • state_name - (Optional) The name of the state file in the container. Defaults to tfstate.tf.

  • path - (Optional) DEPRECATED: Use container instead. The name of the container to create in order to store the state file.

  • user_name - (Optional) The Username to login with. If omitted, the OS_USERNAME environment variable is used.

  • user_id - (Optional) The User ID to login with. If omitted, the OS_USER_ID environment variable is used.

  • application_credential_id - (Optional) (Identity v3 only) The ID of an application credential to authenticate with. An application_credential_secret has to bet set along with this parameter.

  • application_credential_name - (Optional) (Identity v3 only) The name of an application credential to authenticate with. Requires user_id, or user_name and user_domain_name (or user_domain_id) to be set.

  • application_credential_secret - (Optional) (Identity v3 only) The secret of an application credential to authenticate with. Required by application_credential_id or application_credential_name.

  • tenant_id - (Optional) The ID of the Tenant (Identity v2) or Project (Identity v3) to login with. If omitted, the OS_TENANT_ID or OS_PROJECT_ID environment variables are used.

  • tenant_name - (Optional) The Name of the Tenant (Identity v2) or Project (Identity v3) to login with. If omitted, the OS_TENANT_NAME or OS_PROJECT_NAME environment variable are used.

  • password - (Optional) The Password to login with. If omitted, the OS_PASSWORD environment variable is used.

  • token - (Optional; Required if not using user_name and password) A token is an expiring, temporary means of access issued via the Keystone service. By specifying a token, you do not have to specify a username/password combination, since the token was already created by a username/password out of band of Terraform. If omitted, the OS_TOKEN or OS_AUTH_TOKEN environment variables are used.

  • user_domain_name - (Optional) The domain name where the user is located. If omitted, the OS_USER_DOMAIN_NAME environment variable is checked.

  • user_domain_id - (Optional) The domain ID where the user is located. If omitted, the OS_USER_DOMAIN_ID environment variable is checked.

  • project_domain_name - (Optional) The domain name where the project is located. If omitted, the OS_PROJECT_DOMAIN_NAME environment variable is checked.

  • project_domain_id - (Optional) The domain ID where the project is located If omitted, the OS_PROJECT_DOMAIN_ID environment variable is checked.

  • domain_id - (Optional) The ID of the Domain to scope to (Identity v3). If omitted, the following environment variables are checked (in this order): OS_USER_DOMAIN_ID, OS_PROJECT_DOMAIN_ID, OS_DOMAIN_ID.

  • domain_name - (Optional) The Name of the Domain to scope to (Identity v3). If omitted, the following environment variables are checked (in this order): OS_USER_DOMAIN_NAME, OS_PROJECT_DOMAIN_NAME, OS_DOMAIN_NAME, DEFAULT_DOMAIN.

  • default_domain - (Optional) The ID of the Domain to scope to if no other domain is specified (Identity v3). If omitted, the environment variable OS_DEFAULT_DOMAIN is checked or a default value of "default" will be used.

  • insecure - (Optional) Trust self-signed SSL certificates. If omitted, the OS_INSECURE environment variable is used.

  • cacert_file - (Optional) Specify a custom CA certificate when communicating over SSL. You can specify either a path to the file or the contents of the certificate. If omitted, the OS_CACERT environment variable is used.

  • cert - (Optional) Specify client certificate file for SSL client authentication. If omitted the OS_CERT environment variable is used.

  • key - (Optional) Specify client private key file for SSL client authentication. If omitted the OS_KEY environment variable is used.

  • endpoint_type - (Optional) Specify which type of endpoint to use from the service catalog. It can be set using the OS_ENDPOINT_TYPE environment variable. If not set, public endpoints is used.

  • swauth - (Optional) Set to true to authenticate against Swauth, a Swift-native authentication system. If omitted, the OS_SWAUTH environment variable is used. You must also set username to the Swauth/Swift username such as username:project. Set the password to the Swauth/Swift key. This feature supports v1.0 of the Swauth system. Finally, set auth_url as the location of the Swift service.

  • disable_no_cache_header - (Optional) If set to true, the HTTP Cache-Control: no-cache header will not be added by default to all API requests. If omitted this header is added to all API requests to force HTTP caches (if any) to go upstream instead of serving cached responses.

  • allow_reauth - (Optional) If set to true, OpenStack authorization will be perfomed automatically, if the initial auth token get expired. This is useful, when the token TTL is low or the overall Terraform provider execution time expected to be greater than the initial token TTL.

  • archive_container - (Optional) The container to create to store archived copies of the Terraform state file. If specified, Swift object versioning is enabled on the container created at container.

  • archive_path - (Optional) DEPRECATED: Use archive_container instead. The path to store archived copied of terraform.tfstate. If specified, Swift object versioning is enabled on the container created at path.

  • expire_after - (Optional) How long should the terraform.tfstate created at container be retained for? If specified, Swift expiring object support is enabled on the state. Supported durations: m - Minutes, h - Hours, d - Days. ~> NOTE: Since Terraform is inherently stateful - we'd strongly recommend against auto-expiring Statefiles.

github logoEdit this page
  • Overview
  • Docs
  • Extend
  • Privacy
  • Security
  • Press Kit
  • Consent Manager