Use HashiCorp Terraform to Manage Your Auth0 Configuration

How to use HashiCorp Terraform and the Auth0 Provider to maintain your critical infrastructure, including your Auth0 configuration, in code.

Brought to you by John Brennan

Wohoooo! Finally Terraform and Auth0 integration! Let us know your thoughts in the comments below!

1 Like

Tip: If you receive a “Wrong email or password” error when you attempt to log in, there’s a chance that you need to disable other connections for your application. Head to your Auth0 Applications Dashboard, click on the “Terraform Secure Express” application, and click the “Connections” tab. Ensure that all connections except the terraform-express-user-db connection are disabled.

Any chance this could be automated via Terraform?

AFAIK, by default new applications are automatically enabled for all connections, which causes this type of problem, which is in itself not super easy to find out the first time (especially for new Auth0 users). If we could set up everything correctly using Terraform, that would be awesome!

1 Like
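
The "all connections enabled for new applications" situation described in the post above can be checked offline against a saved connections listing. This is an added example, not code from the thread or from Auth0: it assumes the listing has the `id`, `name` and `enabled_clients` fields returned by the Management API's GET /api/v2/connections, and every ID and the policy map are constructed.

```python
"""Audit which Auth0 connections each application is enabled on.

Added example: input mirrors the Management API's GET /api/v2/connections
response (fields id, name, enabled_clients). All IDs below are constructed.
"""

# Constructed sample: a tenant where a new application was auto-enabled
# on the default connections as well as its dedicated database connection.
SAMPLE_CONNECTIONS = [
    {"id": "con_EXAMPLE1", "name": "Username-Password-Authentication",
     "strategy": "auth0", "enabled_clients": ["client_EXPRESS", "client_OTHER"]},
    {"id": "con_EXAMPLE2", "name": "google-oauth2",
     "strategy": "google-oauth2", "enabled_clients": ["client_EXPRESS"]},
    {"id": "con_EXAMPLE3", "name": "terraform-express-user-db",
     "strategy": "auth0", "enabled_clients": ["client_EXPRESS"]},
]

# Hypothetical policy: client ID -> the only connections it may use.
POLICY = {"client_EXPRESS": {"terraform-express-user-db"}}


def audit_connections(connections, policy):
    """Return (findings, patches).

    findings: sorted (client_id, connection_name) pairs that violate policy.
    patches:  connection id -> corrected enabled_clients list, i.e. the body
              for PATCH /api/v2/connections/{id} that removes the extras.
    Clients without a policy entry are left untouched.
    """
    findings, patches = [], {}
    for conn in connections:
        enabled = conn.get("enabled_clients") or []
        keep = [c for c in enabled
                if c not in policy or conn["name"] in policy[c]]
        removed = [c for c in enabled if c not in keep]
        if removed:
            findings.extend((c, conn["name"]) for c in removed)
            patches[conn["id"]] = {"enabled_clients": keep}
    return sorted(findings), patches


if __name__ == "__main__":
    findings, patches = audit_connections(SAMPLE_CONNECTIONS, POLICY)
    for client_id, name in findings:
        print(f"{client_id} is enabled on unexpected connection {name!r}")
    for conn_id, body in patches.items():
        print(f"PATCH /api/v2/connections/{conn_id} {body}")
```
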

Howdy, Jonathan! Welcome to our Auth0 Community. Let me bring up this question internally with our Product Team to see if they may have any recommendations.

1 Like

Thank you for this provider, Alex!

Any way we can manage grants on the auth0 mgmt. API?

Using our Management API you can only get or delete grants:

1 Like

Just to update you 🙂 I am still waiting for an answer on your question from our Product team 👀 I’ve not forgotten.

Thanks Dan!

(FYI, different colleagues of mine tried to use Auth0, following more or less the content of that blog, and they all fell into that “all connections enabled for new clients” trap, each one of them 🙂 )

1 Like

Jonathan, I got a response for you! This Terraform integration is a collaboration with Alex Kalyvitis. I obtained the following recommendation from our team: The terraform-provider-auth0 GitHub project is the source of truth for all issues and feedback on the Terraform provider. You may visit the site and file an issue with your request as an enhancement. Let me know what you think, please 🙂

1 Like

How can we export and import existing users to Terraform?

1 Like

Howdy, Vikram! Welcome to the Auth0 Community. I am researching your question internally. I’ll have an answer for you by next week as I get feedback on this feature.

Are there plans to allow any existing Auth0 resources to be imported to Terraform state (not users)? For example, we have a number of applications manually configured and would prefer not to have to recreate them in Terraform.

1 Like

Howdy, Luke. Welcome to the Auth0 community. Let me ask the team about importing existing Auth0 resources to Terraform state.

Vikram, we have something in the works to support exporting into Terraform using deploy-cli. We’ve created a draft PR that is available in the public repo and are in the process of updating the documentation that goes with the repo before releasing it as an experimental feature. feat: terraform export/mirgration support by shushen · Pull Request #273 · auth0/auth0-deploy-cli · GitHub

Luke, similar to what I replied to Vikram: We’ve created a draft PR that is available in the public repo and are in the process of updating the documentation that goes with the repo before releasing it as an experimental feature. In addition to being able to export from Auth0 into Terraform configurations, the experimental support for Terraform will also support converting from existing deploy-cli configurations. See feat: terraform export/mirgration support by shushen · Pull Request #273 · auth0/auth0-deploy-cli · GitHub, which may fulfill your use case.

Seems since this was written terraform now requires you to define the ‘source’ of providers used.

If you get the following errors when running terraform init

╷
│ Error: Failed to query available provider packages
│ 
│ Could not retrieve the list of available versions for provider hashicorp/docker: provider registry registry.terraform.io does
│ not have a provider named registry.terraform.io/hashicorp/docker
│ 
│ Did you intend to use kreuzwerker/docker? If so, you must specify that source address in each module which requires that
│ provider. To see which modules are currently depending on hashicorp/docker, run the following command:
│     terraform providers
╵

╷
│ Error: Failed to query available provider packages
│ 
│ Could not retrieve the list of available versions for provider hashicorp/auth0: provider registry registry.terraform.io does not
│ have a provider named registry.terraform.io/hashicorp/auth0
│ 
│ Did you intend to use alexkappa/auth0? If so, you must specify that source address in each module which requires that provider.
│ To see which modules are currently depending on hashicorp/auth0, run the following command:
│     terraform providers
╵

… add the following to main.tf

terraform {
  required_providers {
    docker = {
      source = "kreuzwerker/docker"
    }
    auth0 = {
      source = "alexkappa/auth0"
    }
  }
}

2 Likes

If you get an error like “http://localhost:3000 is not a valid logout URL” when trying to logout from the express app, add the following to the auth0_client resource in main.tf:
allowed_logout_urls = ["http://localhost:3000"]

1 Like

If you already manually-created resources in your Auth0 account, terraform import may be used to add them to your tf state file via the resources “id”, allowing tf to begin managing those resources, e.g. terraform import auth0_client.my_app "vcFuSTYSoZn76VCD5kniG5Ce8fKvyVtw"

https://registry.terraform.io/providers/alexkappa/auth0/latest/docs#importing-resources

1 Like

Thanks for sharing all that, James, with the rest of the community!

1 Like

Hi,

I just noticed your reply @jamesmehorter1 about importing existing resources. How about other resources like the email provider or email templates? Any idea how to retrieve these IDs?

I tried importing an email provider by name which failed, but I’m not able to retrieve the id by the Auth0 API.