{"id":13505753,"url":"https://github.com/env0/terraform-provider-env0","last_synced_at":"2025-12-25T16:56:47.782Z","repository":{"id":37026920,"uuid":"345164646","full_name":"env0/terraform-provider-env0","owner":"env0","description":"Terraform Provider for env0","archived":false,"fork":false,"pushed_at":"2025-07-31T00:01:31.000Z","size":2552,"stargazers_count":41,"open_issues_count":10,"forks_count":15,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-10-01T05:53:15.889Z","etag":null,"topics":["opentofu","opentofu-provider","terraform","terraform-provider"],"latest_commit_sha":null,"homepage":"https://env0.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/env0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-06T18:19:47.000Z","updated_at":"2025-07-30T10:45:26.000Z","dependencies_parsed_at":"2023-10-22T22:25:06.609Z","dependency_job_id":"e071c5a0-a6b7-4ca0-8ef7-5e64138d3b42","html_url":"https://github.com/env0/terraform-provider-env0","commit_stats":null,"previous_names":[],"tags_count":197,"template":false,"template_full_name":null,"purl":"pkg:github/env0/terraform-provider-env0","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/env0%2Fterraform-provider-env0","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/env0%2Fterraform-provider-env0/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/env0%2Fterraform-provider-env0/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/env0%2Fterraform-provider-env0/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/env0","download_url":"https://codeload.github.com/env0/terraform-provider-env0/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/env0%2Fterraform-provider-env0/sbom","scorecard":{"id":378381,"data":{"date":"2025-08-11","repo":{"name":"github.com/env0/terraform-provider-env0","commit":"fb11d20be94855f084d69359dd93efabdf0fbb76"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.1,"checks":[{"name":"Maintained","score":10,"reason":"10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":7,"reason":"Found 21/30 approved changesets -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/assign-reviewers.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/docs.yml:1","Warn: no topLevel permission defined: .github/workflows/pr-approve-labeler.yml:1","Warn: no topLevel permission defined: .github/workflows/pr-auto-assign.yml:1","Warn: no topLevel permission defined: .github/workflows/pr-labeler.yml:1","Warn: no topLevel permission defined: .github/workflows/pr-validation.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Info: Possibly incomplete results: error parsing shell code: reached EOF without closing quote \": examples/resources/env0_api_key/import.sh:0","Info: Possibly incomplete results: error parsing shell code: \u003e must be followed by a word: examples/resources/env0_gcp_cloud_configuration/import.sh:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/docs.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/docs.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-approve-labeler.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/pr-approve-labeler.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-auto-assign.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/pr-auto-assign.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/pr-labeler.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/pr-labeler.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/pr-validation.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/env0/terraform-provider-env0/release.yml/main?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: terraform-provider-env0_1.29.3_SHA256SUMS.sig: https://github.com/env0/terraform-provider-env0/releases/tag/v1.29.3","Info: signed release artifact: terraform-provider-env0_1.29.2_SHA256SUMS.sig: https://github.com/env0/terraform-provider-env0/releases/tag/v1.29.2","Info: signed release artifact: terraform-provider-env0_1.29.1_SHA256SUMS.sig: https://github.com/env0/terraform-provider-env0/releases/tag/v1.29.1","Info: signed release artifact: terraform-provider-env0_1.29.0_SHA256SUMS.sig: https://github.com/env0/terraform-provider-env0/releases/tag/v1.29.0","Info: signed release artifact: terraform-provider-env0_1.28.0_SHA256SUMS.sig: https://github.com/env0/terraform-provider-env0/releases/tag/v1.28.0","Warn: release artifact v1.29.3 does not have provenance: https://api.github.com/repos/env0/terraform-provider-env0/releases/233752161","Warn: release artifact v1.29.2 does not have provenance: https://api.github.com/repos/env0/terraform-provider-env0/releases/228689535","Warn: release artifact v1.29.1 does not have provenance: https://api.github.com/repos/env0/terraform-provider-env0/releases/227726823","Warn: release artifact v1.29.0 does not have provenance: https://api.github.com/repos/env0/terraform-provider-env0/releases/226887814","Warn: release artifact v1.28.0 does not have provenance: https://api.github.com/repos/env0/terraform-provider-env0/releases/220083038"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:22"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T14:47:38.669Z","repository_id":37026920,"created_at":"2025-08-18T14:47:38.669Z","updated_at":"2025-08-18T14:47:38.669Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279011599,"owners_count":26084964,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["opentofu","opentofu-provider","terraform","terraform-provider"],"created_at":"2024-08-01T00:01:12.949Z","updated_at":"2025-12-25T16:56:47.775Z","avatar_url":"https://github.com/env0.png","language":"Go","funding_links":[],"categories":["Providers"],"sub_categories":["Vendor supported providers"],"readme":"\u003ca href=\"https://env0.com\"\u003e\n    \u003cimg src=\".github/env0_logo.svg\" alt=\"env0 logo\" title=\"env0\" align=\"right\" height=\"40\" /\u003e\n\u003c/a\u003e\n\n# Terraform Provider for env0\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/env0/terraform-provider-env0)](https://goreportcard.com/report/github.com/env0/terraform-provider-env0)\n\n- [Documentation](https://search.opentofu.org/provider/env0/env0/latest)\n- [Usage Examples](https://github.com/env0/terraform-provider-env0/tree/main/examples)\n\n## Quick Start\n\n```terraform\nterraform {\n  required_providers {\n    env0 = {\n      source = \"env0/env0\"\n    }\n  }\n}\n\nprovider \"env0\" {}\n\ndata \"env0_project\" \"default_project\" {\n  name = \"My First Project\"\n}\n\nresource \"env0_template\" \"example\" {\n  name        = \"example\"\n  description = \"Example template\"\n  repository  = \"https://github.com/env0/templates\"\n  path        = \"aws/hello-world\"\n}\n\nresource \"env0_configuration_variable\" \"in_a_template\" {\n  name        = \"VARIABLE_NAME\"\n  value       = \"some value\"\n  template_id = env0_template.tested1.id\n}\n```\n\n## Authentication\n\n1. Generate an `api_key` and `api_secret` from the Organization Settings page.\n   See [here](https://developer.env0.com/docs/api/YXBpOjY4Njc2-env0-api#creating-an-api-key).\n\n2. These can be provided by one of two methods:\n\n   1. Set `ENV0_API_KEY` and `ENV0_API_SECRET` environment variables, and just declaring the provider with no parameters:\n\n   ```terraform\n      provider \"env0\" {}\n   ```\n\n   2. Specify these fields as parameters to the provider:\n\n   ```terraform\n   variable \"env0_api_key\" {}\n   variable \"env0_api_secret\" {}\n\n   provider \"env0\" {\n     api_key = var.env0_api_key\n     api_secret = var.env0_api_secret\n   }\n   ```\n\n### How to get VCS credentials for Creating a template or a VCS environment\n\nTo create an `env0_template` or a VCS `env0_environment` resources a user must provision the corresponding credentials:\n\n1. `github_installation_id` for Github\n2. `bitbucket_client_key` for Bitbucket\n3. `gitlab_project_id` + `token_id` for Gitlab\n4. `token_id` for Azure DevOps\n5. `vcs_connection_id` for an already existing VCS connection (created in env0)\n\nTo get those credentials in the provider you must first create a \"master\" environment via the `env0` app, then just fetch the corresponding `env0_environment` data source and use the relevant credentials:\n\n```\ndata \"env0_environment\" \"master_environment\" {\n  id = \"exampleId\"\n}\n\nresource \"env0_template\" \"example\" {\n  name        = \"example AzureDevOps\"\n  description = \"Example AzureDevOps template\"\n  repository  = \"https://dev.azure.com/example-org/AWS/_git/example\"\n  path        = \"hello-world\"\n  token_id    = data.env0_environment.master_environment.token_id\n}\n```\n\n## Development Setup\n\n\u003e **Supported Go Version: 1.24**\n\n### Build\n\n- Use the `./build.sh` script.\n- The output binary is called `terraform-provider-env0`\n\n### Run local version of the provider\n\n- Build - `./build.sh`\n- Create the plugins folder - `mkdir -p ~/.terraform.d/plugins/terraform.env0.com/local/env0/6.6.6/darwin_arm64` (for Intel processor, replace `arm64` with `amd64`)\n- Copy the built binary - `cp ./terraform-provider-env0 ~/.terraform.d/plugins/terraform.env0.com/local/env0/6.6.6/darwin_arm64` (Replace `darwin` with `linux` on Linux)\n- Require the local provider in your `main.tf` -\n\n```\nterraform {\n  required_providers {\n    env0 = {\n      version = \"6.6.6\"\n      source  = \"terraform.env0.com/local/env0\"\n    }\n  }\n}\n```\n\n### Installing pre-commit hooks\n\nFor consistent coding style, install [pre-commit](https://pre-commit.com/#install) hooks.\n\n```\ngo install golang.org/x/tools/...@latest\ngo install honnef.co/go/tools/cmd/staticcheck@latest\npre-commit install\npre-commit install --hook-type pre-push\n```\n\n## Testing\n\n### Integration tests\n\n- The integration tests run against the real env0 API\n- Have `ENV0_API_KEY` and `ENV0_API_SECRET` environment variables defined.\n- Also set `ENV0_API_ENDPOINT` if you want to run against a non-prod environment.\n- Run `go run tests/harness.go` (from the project root folder) to run all the tests.\n- Use `go run tests/harness.go 003_configuration_variable` to run a specific test.\n\nEach test perform the following steps:\n\n- `terraform init`\n- `terraform apply -auto-approve -var second_run=0`\n- `terraform apply -auto-approve -var second_run=1`\n- `terraform outputs -json` - and verifies expected outputs from `expected_outputs.json`\n- `terraform destroy`\n\nThe harness has two modes to help while developing: If an environment variable `DESTROY_MODE` exists and it's value is `NO_DESTROY`, the harness will avoid calling `terraform destroy`, allowing the developer to inspect the resources created, through the dashboard, for example.\nAfterwards, when cleanup is required, just set `DESTROY_MODE` to `DESTROY_ONLY` and _only_ `terraform destroy` will run.\n\n#### Integration Test Prerequisites\n\n- An env0 organization\n- An API Key\n- A Github.com integrated template name `Github Integrated Template` for https://github.com/env0/templates\n- A Gitlab.com integrated template name `Gitlab Integrated Template` for https://gitlab.com/env0/gitlab-vcs-integration-tests\n\n### Unit Testing\n\n#### How to run tests\n\nRun from root directory:\n\n```shell\ngo test -v ./...\n```\n\n#### Running a single provider test\n\n```shell\nexport TEST_PATTERN=\"TestUnitConfigurationVariableResource/Create\" \u0026\u0026 go test -v ./env0\n```\n\n#### How to use mocks\n\n1. Make sure `GOPATH` is in your `PATH`\n\n```shell\ngo env GOPATH\necho $PATH\nexport PATH=$PATH:$(go env GOPATH)  # if not\n```\n\n2. Install mockgen\n\n```\ngo install go.uber.org/mock/mockgen@v0.5.0\n```\n\n3. Make sure to add this line in files that include the interface you'd wish to mock:\n\n```\n//go:generate mockgen -destination=\u003cfile\u003e_mock.go -package=\u003cpackage\u003e . \u003cinterface\u003e\n```\n\n4. Run from root directory:\n\n```shell\ngo generate ./...\n```\n\n## Documentation\n\n- Docs are generated using github.com/hashicorp/terraform-plugin-docs\n- Run `./generate-docs.sh` to generate docs\n- Must be run manually before releasing a version\n- Please add an example to `examples/\u003cresources or data-sources\u003e/env0_\u003cname\u003e` dir and make sure it is added to the docs.\n\n## Release\n\nTo release a version to the [Terraform Public Registry](https://registry.terraform.io/providers/env0/env0/latest?pollNotifications=true):\n\n1. Validate that all status checks are ✅ on `main` branch (specifically that docs generation is complete)\n2. Pull from remote first - `git pull origin main`\n3. Create and push a tag **locally**, in semver format - `git tag v0.0.9 \u0026\u0026 git push origin --tags`\n4. New release with binaries **will be automatically generated** by the GitHub action defined in `.github/workflows/release.yml`. It needs to be approved.\n5. The Registry will automatically pick up on the new version.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenv0%2Fterraform-provider-env0","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenv0%2Fterraform-provider-env0","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenv0%2Fterraform-provider-env0/lists"}