Terraform provider?

While evaluating desec.io for my use case, I was surprised to find no mention of a potential terraform provider for desec.io.

I really appreciate the API-first approach. Taking this one step further in an infrastructure-as-code setup, a terraform provider seems like the way to go for reproducible and versionable zone management.

Has this ever been considered?

Hi Valodim,

Thanks for your message, and welcome to deSEC! :slight_smile:

There is a Terraform provider, but for ACME only: https://registry.terraform.io/providers/vancluever/acme/latest/docs/guides/dns-providers-desec

A generic Terraform provider would indeed be awesome. deSEC is a community effort, and several other integrations have been contributed by the community. Would you like to work on this? The ACME provider may give you some inspiration.

Stay secure,
Peter

Hi Peter,

thanks for your reply, and thanks for this project! I saw the acme provider, but that of course only solves part of the problem of DNS in IaC :slight_smile:

> Would you like to work on this? The ACME provider may give you some inspiration.

I currently don’t have time for projects of that size, sadly. I’ll keep it in mind though, perhaps I can fund and mentor a student to do it some time. I imagine such a project can be based on the cloudflare terraform provider and shouldn’t be all that difficult to do.

Cheers

I looked into this for a while, and I’m happy to report that I was able to build a working terraform provider for desec :slight_smile:

It works fine so far. I implemented management of domains and rrsets, and added a reasonable level of documentation. It still needs acceptance tests before I could publish it in the terraform registry.

There we go, published it on the terraform registry: https://registry.terraform.io/providers/Valodim/desec/latest

If there is community interest to maintain this in an official capacity, I wouldn’t mind transferring the repo to the desec org on github.

Hi Valodim,

I’m sorry I did not get back to you earlier – I set up email notifications for replies, but I can’t recall having received an email. Apologies!

It’s great that you were so quickly able to type up a Terraform provider. It looks awesome! <3 I added it to Tools implementing deSEC.

Stay secure,
Peter

Thanks! :slight_smile:

For the record, terraform compatibility is actually kind of rare outside of AWS/Azure/GCE/Cloudflare, and it was one of the must-have features I was looking for in a dns hoster. It’s only anecdotal, but for me that would have been a very effective hook in the “feature grid” on the front page.

Again, thanks for all your work on deSEC!