Skip to content

Commit

Permalink
fix doc config section
Browse files Browse the repository at this point in the history
  • Loading branch information
lu1as committed Mar 21, 2022
1 parent 565ec08 commit 841157e
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions docs/auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ The authentication method is defined by the HTTP basic auth username, therefore

This authentication creates a hash value of provided HTTP basic auth password and state path to get the filename of the state. Therefore only the right combination of state path and password can fetch this exact state again. It's really simple to setup, no user or credential management required. The drawback is that the server can be used by everyone, who has access to the API endpoint, so it should only be used in secure or testing environments.

**Config**
### Config
| Environment Variable | Type | Example | Description |
|----------------------|------|---------|-------------------------------------------------------------------------------------------------|
| AUTH_BASIC_ENABLED | bool | `true` | HTTP basic auth is enabled by default (checkout [docs/auth.md](docs/auth.md) for other options) |
Expand Down Expand Up @@ -38,7 +38,7 @@ JWT allow granting access to a state for a given time (the token lifetime). The
}
```

**Config**
### Config
| Environment Variable | Type | Example | Description |
|--------------------------|------|----------------------------------------------|-----------------------------------------------------------------------------------|
| AUTH_JWT_OIDC_ISSUER_URL | bool | `https://vault.example.com/v1/identity/oidc` | Issuer URL which is used to validate token (if not defined, JWT auth is disabled) |
Expand Down
6 changes: 3 additions & 3 deletions docs/kms.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ This backend uses a key defined as an environment variable to encrypt the state

A key can be generated by running: `./terraform-backend`

**Config**
### Config
Set `KMS_BACKEND` to `local`.

| Environment Variable | Type | Example | Description |
Expand All @@ -19,7 +19,7 @@ Set `KMS_BACKEND` to `local`.

Alternatively the key can be fetched from a [HashiCorp Vault Key/Value secrets engine (v2)](https://www.vaultproject.io/docs/secrets/kv/kv-v2)

**Config**
### Config
Set `KMS_BACKEND` to `vault`.

| Environment Variable | Type | Example | Description |
Expand All @@ -34,7 +34,7 @@ Make sure that `VAULT_ADDR` and `VAULT_TOKEN` are set properly (see [Vault Envir

For preparing the disaster recovery, the [Transit key can be exported](https://www.vaultproject.io/api-docs/secret/transit#export-key) and the state files can be converted to use a local key for decryption by using the [convert-transit-state.sh](../scripts/convert-transit-state.sh) script.

**Config**
### Config
Set `KMS_BACKEND` to `transit`.

| Environment Variable | Type | Example | Description |
Expand Down
4 changes: 2 additions & 2 deletions docs/lock.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@ The lock backend takes care of locking a specific state file, so that only one T

This is the simplest implementation by using a local Golang map and doesn't require any configuration. It works fine for a standalone, single-instance Terraform backend server, but doesn't scale. Also if the Terraform backend server crashes, the lock information will be lost.

**Config**
### Config
Set `LOCK_BACKEND` to `local`.

## Redis

This backend uses a external Redis server to lock the states. It's scalable and can be used also with multiple Terraform backend server instances.

**Config**
### Config
Set `LOCK_BACKEND` to `redis`.

Make sure that `REDIS_ADDR` is set properly (e.g. to `localhost:6379` for a local Redis instance).
4 changes: 2 additions & 2 deletions docs/storage.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ NOTE: The state path is always hashed, so getting the state name of project from

This backend saves the state file to a local directory.

**Config**
### Config
Set `STORAGE_BACKEND` to `fs`.

| Environment Variable | Type | Default | Description |
Expand All @@ -19,7 +19,7 @@ Set `STORAGE_BACKEND` to `fs`.

The S3 backend stores the state files in any S3-compatible object store using the [MinIO SDK](https://docs.min.io/docs/golang-client-quickstart-guide.html). Since locking is handled by the Terraform backend server separately, the S3 API doesn't need support for write-once-read-many (WORM).

**Config**
### Config
Set `STORAGE_BACKEND` to `fs`.

| Environment Variable | Type | Default | Description |
Expand Down

0 comments on commit 841157e

Please sign in to comment.