Use Terraform with Opal

Learn how to set up Opal's Terraform provider.

You can use Opal’s Terraform provider to manage your Opal infrastructure with code. Use the following instructions to install and get started with Terraform in Opal.

Requirements

Before you begin, you must:

Install Opal’s Terraform provider

To install Terraform for Opal:

  1. Go to Opal’s Terraform provider.
  2. Select Use Provider and copy the dropdown code block. Ensure you use the latest version.
  3. Create a configuration file and paste in the code block.
  4. If you self-host Opal, in the provider section, add server_url = "<SERVER_URL>", replacing SERVER_URL with your self-hosted domain and the suffix /v1—for example, https://company-name-opal.dev/v1. If you use cloud Opal, skip this step.
  5. Save your Opal API key in an environment variable named OPAL_AUTH_TOKEN. Alternatively, or if you're on a version earlier than 3.0.2, add bearer_auth = "<API_KEY>" to the provider section, replacing API_KEY with your Opal API key.
  6. Save the configuration file.
  7. Run terraform init.
  8. Run terraform apply.
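
When bearer_auth has to be set in the provider section, the key itself does not have to be written into the file. The following is an added example, not taken from Opal's documentation: it passes the server_url and bearer_auth settings from the steps above through Terraform input variables. The variable names opal_api_key and opal_server_url are assumptions, and the https-only check is an added hardening choice rather than an Opal requirement.

```hcl
terraform {
  required_providers {
    opal = {
      source  = "opalsecurity/opal"
      version = "3.0.12" # version shown in this page's example
    }
  }
}

# Assumed variable name. No default is set, so the key never lives in a
# committed .tf or .tfvars file; Terraform reads it from TF_VAR_opal_api_key.
variable "opal_api_key" {
  description = "Opal API key passed to the provider as bearer_auth."
  type        = string
  sensitive   = true # value is redacted in plan and apply output
}

# Assumed variable name. Self-hosted Opal only; cloud Opal users drop this
# variable and the server_url line below.
variable "opal_server_url" {
  description = "Self-hosted Opal domain with the /v1 suffix."
  type        = string

  validation {
    # Reject plain http and URLs missing the /v1 suffix before any API call
    # carries the key to the wrong place.
    condition     = can(regex("^https://[^/]+/v1$", var.opal_server_url))
    error_message = "opal_server_url must be an https:// URL ending in /v1."
  }
}

provider "opal" {
  server_url  = var.opal_server_url
  bearer_auth = var.opal_api_key
}
```

Set TF_VAR_opal_api_key and TF_VAR_opal_server_url in the shell or in the CI secret store before running terraform init and terraform apply.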

Use Opal’s Terraform provider

See the Terraform provider documentation for example usage. To create certain resources, you may need to provide IDs, which you can find for most objects on the Detail tab in the Inventory in the Opal dashboard.

For example, to create a group with the Terraform provider, you must provide an app_id to contain the group. You can find this ID from the app's Detail tab.

Example configuration and usage

The following is an example resource block used to create a new Opal group.

terraform {
  required_providers {
    opal = {
      source = "opalsecurity/opal"
      version = "3.0.12"
    }
  }
}

provider "opal" {
  // Define OPAL_AUTH_TOKEN as an environment variable, otherwise include the following line:
  // bearer_auth = "API_KEY_HERE"
}

resource "opal_group" "tf_test" {
  name = "tf_test_group"
  group_type = "OPAL_GROUP"
  app_id = "3ecff5db-e3fc-40c7-bb36-ff202f033095" // Retrieved from Opal dashboard
  visibility = "GLOBAL"
  request_configurations = [
    {
      priority = 0
      require_mfa_to_request = false
      allow_requests = false
      require_support_ticket = false
      auto_approval = false
    }
  ]
}

After running terraform plan and terraform apply, the group is created.