Skip to content

Git

Git storage provider is capable of holding terraform state files as it's a writable storage type.
This provider is also lockable - and because this storage type is backed up by a remote origin usually - it allows multiple users to work on the same state files without the risk of overriding eachother (the lock should protect the state file).
This storage provider was heavily influenced by terraform-backend-git.

Danger

It's highly recommended to not use this provider plainly without any transformer for the state file - as state files contains sensitive data.
See encryption transformer, to make git storage provider a viable solution to store terraform state files - without any additional cost - and with a minimal setup required.

Initialization

GitStorageProviderInitConfig

Initialization params required to initialize Git storage provider.

Attributes:

Name Type Description
origin_url str

The URL of the git repository. Must be accessible by the current user. Example: git@github.com:IamShobe/tf-state.git
ref str

The branch to use.
clone_path Optional[Path]

The path to clone the repository to. Default: None. (will be set to ~/.local/share/terraflex/git_storage/)
Source code in terraflex/plugins/git_storage_provider/git_storage_provider.py 
32
33
34
35
36
37
38
39
40
41
42
43
44
class GitStorageProviderInitConfig(BaseModel):
    """Initialization params required to initialize Git storage provider.

    Attributes:
        origin_url: The URL of the git repository. Must be accessible by the current user.
            Example: git@github.com:IamShobe/tf-state.git
        ref: The branch to use.
        clone_path: The path to clone the repository to. Default: None. (will be set to ~/.local/share/terraflex/git_storage/<repo_name>)
    """

    origin_url: str
    ref: str = "main"
    clone_path: Optional[pathlib.Path] = None

ItemKey

GitStorageProviderItemIdentifier

Bases: ItemKey

Params required to reference an item in Git storage provider.

Attributes:

Name Type Description
path str

The path to a specific file relative to the repository root, folders are also allowed as part of the path.
Source code in terraflex/plugins/git_storage_provider/git_storage_provider.py 
17
18
19
20
21
22
23
24
25
26
27
28
29
class GitStorageProviderItemIdentifier(ItemKey):
    """Params required to reference an item in Git storage provider.

    Attributes:
        path: The path to a specific file relative to the repository root,
            folders are also allowed as part of the path.
    """

    path: str

    @override
    def as_string(self) -> str:
        return self.path

Example

terraflex.yaml
storage_providers:
  git-storage: # Initialize new storage provider - name can be anything
    type: git # In this case we use `git` storage provider
    origin_url: git@github.com:IamShobe/tf-state.git

  envvar-example: # Initialize new storage provider - name can be anything
    type: envvar # In this case we use `envvar` storage provider

transformers:
  encryption: # Initialize new transformer - Name can be anything, we use `encryption` for semantics.
    type: encryption # In this case we use `encryption` transformer
    key_type: age # We use `age` as the encryption provider
    import_from_storage:
      provider: envvar-example # Make sure name is matching your storage provider
      params:
        key: AGE_KEY # The environment variable name to use for the encryption key

stacks:
  my-stack: # Initialize new stack - Name can be anything
    transformers: # List of transformers to use in this specific stack
      - encryption # Make sure name is matching your transformer
    state_storage: # Terraform state storage configuration
      provider: git-storage # In this case we use our git storage provider
      params:
        path: terraform.tfstate # The path to the state file inside our repository