Configure Terraform for Multiple Environments
This article demonstrates how Terraform can be configured to be used against multiple environments.
- Terraform
- Auth0 Terraform Provider
There is usually a requirement to have one set of Terraform configuration files which can be applied across multiple environments for example development, staging, production etc. The configuration files are treated as a source of truth and represents the current state of the tenant.
This is an example of how to achieve a deployment plan whereby only one set of configuration files is applied across multiple environments. Below is an example layout that can be used as a base. Please amend values accordingly and initially test results in non production environments before running against a production environment.
NOTE: Ensure the .env files as illustrated below are not checked into source/version control systems with secrets populated. Secrets should be stored in a highly secure system designed to hold secrets.
Directory Structure
terraform/
├── main.tf
├── dev.env
├── prod.envmain.tf (provider is left empty)
terraform {
required_providers {
auth0 = {
source = "auth0/auth0"
version = ">= 1.33.0" # Refer to Github repository for latest version
}
}
}
provider "auth0" {}
resource "auth0_client" "my_client" {
name = "WebAppExample"
description = "My Web App Created Through Terraform"
app_type = "regular_web"
callbacks = ["http://localhost:3000/callback"]
oidc_conformant = true
jwt_configuration {
alg = "RS256"
}
}dev.env
export AUTH0_DOMAIN="dev-tenant.us.auth0.com"
export AUTH0_CLIENT_ID="your_dev_client_id"
export AUTH0_CLIENT_SECRET="your_dev_client_secret"prod.env
export AUTH0_DOMAIN="prod-tenant.us.auth0.com"
export AUTH0_CLIENT_ID="your_prod_client_id"
export AUTH0_CLIENT_SECRET="your_prod_client_secret"On the command line/terminal window:
cd terraform
source dev.env
terraform plan
terraform applySwitch to the production environment
source prod.env
terraform plan
terraform apply
