Pomerium Terraform Provider

The Pomerium Terraform Provider enables management of Pomerium Enterprise resources through Terraform.

Quick Start

Configure the provider in your Terraform configuration:

terraform {
  required_providers {
    pomerium = {
      source  = "pomerium/pomerium"
      version = "~> 0.0.7"
    }
  }
}

provider "pomerium" {
  api_url      = "https://console-api.your-domain.com"
  # Choose one of the authentication methods below:
  
  # Option 1: Service Account Token
  service_account_token = var.pomerium_service_account_token
  
  # Option 2: Bootstrap Service Account
  # shared_secret_b64 = var.shared_secret_b64
}

Authentication

Two authentication methods are supported:

1. Service Account Token (Recommended)

   • Uses a Pomerium Enterprise Service Account
   • Provides namespace-level access control
   • Configure using service_account_token

2. Bootstrap Service Account

   • Requires BOOTSTRAP_SERVICE_ACCOUNT=true in Enterprise Console
   • Configure using shared_secret_b64

Documentation

• Provider Documentation
• Example Configurations
• Kubernetes Deployment Guide

Resources and Data Sources

Common resources:

• pomerium_namespace
• pomerium_policy
• pomerium_route
• pomerium_settings
• pomerium_service_account

Data sources:

• pomerium_namespaces
• pomerium_namespace
• pomerium_route

For detailed examples, see our examples directory or the provider documentation.