{"id":13505720,"url":"https://github.com/nrkno/terraform-registry","last_synced_at":"2025-06-23T14:07:52.969Z","repository":{"id":37411077,"uuid":"484878844","full_name":"nrkno/terraform-registry","owner":"nrkno","description":"A private Terraform registry with modular store backends.","archived":false,"fork":false,"pushed_at":"2025-06-03T13:13:57.000Z","size":355,"stargazers_count":107,"open_issues_count":12,"forks_count":7,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-06-03T23:00:37.911Z","etag":null,"topics":["plattform","terraform","terraform-registry","utvikleropplevelse"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nrkno.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-04-23T23:28:39.000Z","updated_at":"2025-06-03T13:13:58.000Z","dependencies_parsed_at":"2024-04-08T10:43:45.261Z","dependency_job_id":"c1e8d2d2-7b53-428f-9881-31fa888e5d1b","html_url":"https://github.com/nrkno/terraform-registry","commit_stats":{"total_commits":260,"total_committers":11,"mean_commits":"23.636363636363637","dds":0.5576923076923077,"last_synced_commit":"99585f832b147f80107c979d3e5c4c547fd77383"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/nrkno/terraform-registry","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrkno%2Fterraform-registry","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrkno%2Fterraform-registry/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrkno%2Fterraform-registry/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrkno%2Fterraform-registry/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nrkno","download_url":"https://codeload.github.com/nrkno/terraform-registry/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrkno%2Fterraform-registry/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261491821,"owners_count":23166678,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["plattform","terraform","terraform-registry","utvikleropplevelse"],"created_at":"2024-08-01T00:01:12.247Z","updated_at":"2025-06-23T14:07:52.964Z","avatar_url":"https://github.com/nrkno.png","language":"Go","funding_links":[],"categories":["Tools","Self-Hosted Registries"],"sub_categories":["Registry","Miscellaneous"],"readme":"\u003c!--\nSPDX-FileCopyrightText: 2022 - 2025 NRK\n\nSPDX-License-Identifier: MIT\n--\u003e\n\n# Terraform Registry\n\nThis is an implementation of the Terraform registry protocol used to host a\nprivate Terraform registry. Supports modular stores (backends) for discovering\nand exposing modules and providers.\n\n**NOTE:** the APIs of this program are not currently considered stable and\nmight introduce breaking changes in minor versions before v1 major is reached.\n\nPlease question and report any issues you encounter with this implementation.\nThere is surely room for improvement. Raise an issue discussing your proposed\nchanges before submitting a PR. There is however no guarantee we will merge\nincoming pull requests.\n\nThird-party provider registries (like this program) are supported only in\nTerraform CLI v0.13 and later.\n\n## Features\n\n- [ ] login.v1 ([issue](https://github.com/nrkno/terraform-registry/issues/20))\n- [x] modules.v1\n- [x] providers.v1\n\n### Stores\n\n| Store | modules.v1 | providers.v1 | Description |\n|:---|:---:|:---:|:---|\n| GitHubStore | ✅ | ✅ | Uses the GitHub API to discover module and/or provider repositories using repository topics. |\n| MemoryStore | ✅ | ❌ | A dumb in-memory store used for internal unit testing. |\n| S3Store     | ✅ | ❌ | Uses the S3 protocol to discover modules stored in a bucket. |\n\n### Authentication\n\nYou can configure the registry to require client authentication for the\n`/v1/*` and `/download/*` paths. Additionally, the different stores might\nimplement other authentication schemes and details.\n\n## Running\n### Native\n\n```\n$ make build\n$ ./terraform-registry -h\n```\n\n### Docker\n\n```\n$ docker build -t terraform-registry .\n$ docker run terraform-registry\n```\n\n## Configuring\n\nThese are the common configuration options. Stores might have specific options\nyou can read more about in the stores section.\n\n#### Command line arguments\n\n- `-access-log-disabled`: Disable HTTP access log (default: `false`)\n- `-access-log-ignored-paths`: Ignore certain request paths from being logged (default: `\"\"`)\n- `-listen-addr`: HTTP server bind address (default: `:8080`)\n- `-auth-disabled`: Disable HTTP bearer token authentication (default: `false`)\n- `-auth-tokens-file`: JSON encoded file containing a map of auth token descriptions and tokens.\n  ```json\n  {\n    \"description for some token\": \"some token\",\n    \"description for some other token\": \"some other token\"\n  }\n  ```\n- `-env-json-files`: Comma-separated list of paths to JSON encoded files\n  containing a map of environment variable names and values to set.\n  Converts the keys to uppercase and replaces all occurences of `-` (dash) with\n  `_` (underscore).\n  E.g. prefix filepaths with 'myprefix_:' to prefix all keys in the file with\n  'MYPREFIX_' before they are set.\n  - All variable names will be converted to uppercase, and `-` will become `_`.\n  - If the filenames are prefixed with `myprefix_:`, the resulting environment\n    variable names from the specific file will be prefixed with `MYPREFIX_`\n    (e.g. `github_:/secret/github.json`).\n  - If a variable name is unable to be converted to a valid format, a warning is\n    logged, but the parsing continues without errors.\n- `-tls-enabled`: Whether to enable TLS termination (default: `false`)\n- `-tls-cert-file`: Path to TLS certificate file\n- `-tls-key-file`: Path to TLS certificate private key file\n- `-log-level`: Log level selection: `debug`, `info`, `warn`, `error` (default: `info`)\n- `-log-format`: Log output format selection: `json`, `console` (default: `console`)\n- `-version`: Print version info and exit\n\n#### Environment variables\n\n- `ASSET_DOWNLOAD_AUTH_SECRET`: secret used to sign JWTs protecting the `/download/provider/` routes.\n\n### GitHub Store\n\nThis store uses GitHub as a backend. Terraform modules and providers are discovered\nby [applying topics to your organisation's GitHub repositories][repository topics].\nThe store is configured by setting up search filters for the owner/org, and a topic\nyou want to use to expose repository releases in the registry.\n\nThe registry requires a GitHub token that has read access to all repositories in the\norganisation.\n\n[repository topics]: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics\n\n#### Modules\n\nA query for the module address `namespace/name/provider` will return the GitHub repository `namespace/name`.\nThe `provider` part of the module URL must always be set to `generic` since\nthis store implementation has no notion of the type of providers the modules\nare designed for.\n\nUpon loading the list of repositories, tags prefixed with `v` will have their prefix removed.\nI.e., a repository tag `v1.2.3` will be made available in the registry as version `1.2.3`.\n\nNo verification is performed to check if the repo actually contains a Terraform module.\nThis is left for Terraform to determine itself.\n\nThe module source download URLs returned are using the [`git::ssh` prefix](https://developer.hashicorp.com/terraform/language/modules/sources#generic-git-repository),\nmeaning that the client requesting the module must have a local SSH key linked with their\nGitHub user, and this user must have read access to the repository in question. In other words,\nrepository source access is still maintained and handled by GitHub.\n\n#### Providers\n\nA query for the provider address `namespace/name` will return the GitHub repository `namespace/name`.\n\nSome simple verification steps are performed to help ensure that the repo contains a Terraform\nprovider. A GitHub Release in the repository must follow the same\n[steps that HashiCorp requires when publishing a provider](https://developer.hashicorp.com/terraform/registry/providers/publishing)\nto their public registry.\n\nIn addition, you must provide the public part of the GPG signing key as part the Github release.\nThis is done by adding the GPG key in PEM format to your repository, and then\nextending the `extra_files` object of the `.goreleaser.yaml` from Hashicorp.\n\nReleases that do not follow this format will be ignored for the lifetime of the registry process and\nwill not be attempted verified again.\n\nExample:\n```yaml\nrelease:\n  extra_files:\n    - glob: 'terraform-registry-manifest.json'\n      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'\n    - glob: 'gpg-public-key.pem'\n      name_template: '{{ .ProjectName }}_{{ .Version }}_gpg-public-key.pem'\n```\n\n#### Environment variables\n\n- `GITHUB_TOKEN`: auth token for the GitHub API\n\n#### Command line arguments\n\n- `-store github`\n- `-github-owner-filter`: Module discovery GitHub org/user repository filter\n- `-github-topic-filter`: Module discovery GitHub topic repository filter\n- `-github-providers-owner-filter`: Provider discovery GitHub org/user repository filter\n- `-github-providers-topic-filter`: Provider discovery GitHub topic repository filter\n\n### S3 Store\n\nThis store uses S3 as a backend. A query for the module address\n`namespace/name/provider` will be used directly as an S3 bucket key.\nModules must therefore be stored under keys in the following format\n`namespace/name/provider/v1.2.3/v1.2.3.zip`.\n\nThe module source download URLs returned are using the [`s3::https` prefix](https://developer.hashicorp.com/terraform/language/modules/sources#s3-bucket),\nmeaning that the client requesting the module must have local access to the S3 bucket.\n\nThe registry requires the `s3:ListBucket` permission to discover modules, and\nthe clients will require the `s3:GetObject` permission.\n\nNo verification is performed to check if the path actually contains a Terraform\nmodule. This is left for Terraform to determine.\n\n#### Command line arguments\n\n- `-store s3`: Switch store to S3\n- `-s3-region`: Region such as us-east-1\n- `-s3-bucket`: S3 bucket name\n\n## Development\n\nSee [HACKING.md](./HACKING.md).\n\n## References\n\n- \u003chttps://www.terraform.io/language/modules/sources\u003e\n- \u003chttps://www.terraform.io/internals/login-protocol\u003e\n- \u003chttps://www.terraform.io/internals/module-registry-protocol\u003e\n- \u003chttps://www.terraform.io/internals/provider-registry-protocol\u003e\n\n## License\n\nThis project and all its files are licensed under MIT, unless stated\notherwise with a different license header. See [./LICENSES](./LICENSES) for\nthe full license text of all used licenses.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnrkno%2Fterraform-registry","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnrkno%2Fterraform-registry","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnrkno%2Fterraform-registry/lists"}