jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-02-19 07:01:10 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
ab51186a3021f8a9ecbb3e94d296366b2edb3473
opentf/website/docs/language/settings/backends/http.mdx
Ruben Aleman dfcb220edd docs: fix headers default value for backend http (#2864) 
Signed-off-by: Ruben Aleman <github@rubenaleman.de>
2025-05-27 11:26:59 +01:00

80 lines
3.7 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
sidebar_label: http
description: OpenTofu can store state remotely at any valid HTTP endpoint.
---
# Backend Type: http
Stores the state using a simple [REST](https://en.wikipedia.org/wiki/Representational_state_transfer) client.
State will be fetched via GET, updated via POST, and purged with DELETE. The method used for updating is configurable.
This backend optionally supports [state locking](../../../language/state/locking.mdx). When locking
support is enabled it will use LOCK and UNLOCK requests providing the lock info in the body. The
endpoint should return a 423: Locked or 409: Conflict with the holding lock info when it's already
taken, 200: OK for success. Any other status will be considered an error. The ID of the holding lock
info will be added as a query parameter to state updates requests.
## Example Usage
```hcl
terraform {
backend "http" {
address = "http://myrest.api.com/foo"
lock_address = "http://myrest.api.com/foo"
unlock_address = "http://myrest.api.com/foo"
}
}
```
## Data Source Configuration
```hcl
data "terraform_remote_state" "foo" {
backend = "http"
config = {
address = "http://my.rest.api.com"
}
}
```
## Configuration Variables
:::danger Warning
We recommend using environment variables to supply credentials and other sensitive data. If you use `-backend-config` or hardcode these values directly in your configuration, OpenTofu will include these values in both the `.terraform` subdirectory and in plan files. Refer to [Credentials and Sensitive Data](../../../language/settings/backends/configuration.mdx#credentials-and-sensitive-data) for details.
:::
The following configuration options / environment variables are supported:
- `address` / `TF_HTTP_ADDRESS` - (Required) The address of the REST endpoint
- `update_method` / `TF_HTTP_UPDATE_METHOD` - (Optional) HTTP method to use
when updating state. Defaults to `POST`.
- `lock_address` / `TF_HTTP_LOCK_ADDRESS` - (Optional) The address of the lock
REST endpoint. Defaults to disabled.
- `lock_method` / `TF_HTTP_LOCK_METHOD` - (Optional) The HTTP method to use
when locking. Defaults to `LOCK`.
- `unlock_address` / `TF_HTTP_UNLOCK_ADDRESS` - (Optional) The address of the
unlock REST endpoint. Defaults to disabled.
- `unlock_method` / `TF_HTTP_UNLOCK_METHOD` - (Optional) The HTTP method to use
when unlocking. Defaults to `UNLOCK`.
- `username` / `TF_HTTP_USERNAME` - (Optional) The username for HTTP basic
authentication
- `password` / `TF_HTTP_PASSWORD` - (Optional) The password for HTTP basic
authentication
- `headers` - (Optional) Map of additional headers to be included in the HTTP
requests sent to the backend. Defaults to `{}`.
- `skip_cert_verification` - (Optional) Whether to skip TLS verification.
Defaults to `false`.
- `retry_max` / `TF_HTTP_RETRY_MAX` (Optional) The number of HTTP request
retries. Defaults to `2`.
- `retry_wait_min` / `TF_HTTP_RETRY_WAIT_MIN` (Optional) The minimum time in
seconds to wait between HTTP request attempts. Defaults to `1`.
- `retry_wait_max` / `TF_HTTP_RETRY_WAIT_MAX` (Optional) The maximum time in
seconds to wait between HTTP request attempts. Defaults to `30`.
For mTLS authentication, the following three options may be set:
- `client_certificate_pem` / `TF_HTTP_CLIENT_CERTIFICATE_PEM` - (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
- `client_private_key_pem` /`TF_HTTP_CLIENT_PRIVATE_KEY_PEM` - (Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
- `client_ca_certificate_pem` / `TF_HTTP_CLIENT_CA_CERTIFICATE_PEM` - (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
Reference in New Issue View Git Blame Copy Permalink