{"id":36708385,"url":"https://github.com/trozz/terraform-provider-pocketid","last_synced_at":"2026-06-17T00:01:02.347Z","repository":{"id":302250818,"uuid":"1011758669","full_name":"Trozz/terraform-provider-pocketid","owner":"Trozz","description":"Terraform provider for Pocket-ID: manage OIDC clients, users, and groups in your self-hosted Pocket-ID instance as code.","archived":false,"fork":false,"pushed_at":"2026-06-16T11:20:47.000Z","size":427,"stargazers_count":27,"open_issues_count":10,"forks_count":4,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-16T11:23:04.527Z","etag":null,"topics":["go","iam","infrastructure-as-code","oidc","openid-connect","passkeys","pocket-id","pocketid","self-hosted","terraform","terraform-provider"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Trozz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-01T09:48:59.000Z","updated_at":"2026-06-16T11:06:27.000Z","dependencies_parsed_at":"2025-07-01T11:25:24.499Z","dependency_job_id":"e1f13ecd-a2f9-4165-ae3d-3acc646bd165","html_url":"https://github.com/Trozz/terraform-provider-pocketid","commit_stats":null,"previous_names":["trozz/terraform-provider-pocketid"],"tags_count":29,"template":false,"template_full_name":null,"purl":"pkg:github/Trozz/terraform-provider-pocketid","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trozz%2Fterraform-provider-pocketid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trozz%2Fterraform-provider-pocketid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trozz%2Fterraform-provider-pocketid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trozz%2Fterraform-provider-pocketid/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Trozz","download_url":"https://codeload.github.com/Trozz/terraform-provider-pocketid/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trozz%2Fterraform-provider-pocketid/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34428197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-16T02:00:06.860Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","iam","infrastructure-as-code","oidc","openid-connect","passkeys","pocket-id","pocketid","self-hosted","terraform","terraform-provider"],"created_at":"2026-01-12T11:45:08.574Z","updated_at":"2026-06-17T00:01:02.331Z","avatar_url":"https://github.com/Trozz.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Provider for Pocket-ID\n\n[![Terraform Registry](https://img.shields.io/badge/Terraform%20Registry-v0.1.0-blue)](https://registry.terraform.io/providers/trozz/pocketid/latest)\n[![CI](https://github.com/Trozz/terraform-provider-pocketid/actions/workflows/ci.yml/badge.svg)](https://github.com/Trozz/terraform-provider-pocketid/actions/workflows/ci.yml)\n[![codecov](https://codecov.io/gh/Trozz/terraform-provider-pocketid/branch/main/graph/badge.svg)](https://codecov.io/gh/Trozz/terraform-provider-pocketid)\n[![Go Report Card](https://goreportcard.com/badge/github.com/Trozz/terraform-provider-pocketid)](https://goreportcard.com/report/github.com/Trozz/terraform-provider-pocketid)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nThe Terraform Provider for [Pocket-ID](https://github.com/pocket-id/pocket-id) enables you to manage OIDC clients,\nusers, and groups in your Pocket-ID instance using Infrastructure as Code.\n\n## What is Pocket-ID?\n\nPocket-ID is a simple, self-hosted OpenID Connect (OIDC) provider that uses passkeys for authentication instead of\npasswords. This makes it more secure and user-friendly than traditional authentication methods.\n\n## Features\n\n- 🔐 **OIDC Client Management**: Create and manage OAuth2/OIDC client applications\n- 👥 **User Management**: Manage user accounts (passkey registration via UI)\n- 👨‍👩‍👦‍👦 **Group Management**: Organize users and control access with groups\n- 🔑 **Secure Authentication**: API token-based provider authentication\n- 🚀 **Easy to Use**: Simple, intuitive resource definitions\n- 📚 **Well Documented**: Comprehensive documentation and examples\n\n## Requirements\n\n- [Terraform](https://www.terraform.io/downloads.html) \u003e= 1.0\n- [Go](https://golang.org/doc/install) \u003e= 1.20 (for development)\n- A running [Pocket-ID](https://github.com/pocket-id/pocket-id) instance\n- An API token from your Pocket-ID instance\n\n## Installation\n\n### Terraform Registry\n\n```hcl\nterraform {\n  required_providers {\n    pocketid = {\n      source  = \"trozz/pocketid\"\n      version = \"~\u003e 1.0\"\n    }\n  }\n}\n```\n\n### Manual Installation\n\n1. Download the latest release from the [releases page](https://github.com/Trozz/terraform-provider-pocketid/releases)\n2. Extract the archive\n3. Move the binary to `~/.terraform.d/plugins/registry.terraform.io/trozz/pocketid/${VERSION}/${OS_ARCH}/`\n\n#### Verifying Release Attestations\n\nAll release artifacts include build attestations for supply chain security. To verify the authenticity of a release:\n\n```bash\n# Using GitHub CLI\ngh attestation verify terraform-provider-pocketid_v1.0.0_darwin_amd64.zip \\\n  --owner Trozz \\\n  --repo terraform-provider-pocketid\n```\n\nFor more information about attestations, see our [attestations documentation](docs/ATTESTATIONS.md).\n\n## Quick Start\n\n### 1. Configure the Provider\n\n```hcl\n# Using provider configuration\nprovider \"pocketid\" {\n  base_url  = \"https://auth.example.com\"\n  api_token = var.pocketid_api_token\n}\n\n# Or using environment variables\n# export POCKETID_BASE_URL=\"https://auth.example.com\"\n# export POCKETID_API_TOKEN=\"your-api-token\"\n```\n\n### 2. Create an OIDC Client\n\n```hcl\nresource \"pocketid_client\" \"web_app\" {\n  name = \"My Web Application\"\n  callback_urls = [\n    \"https://app.example.com/callback\",\n    \"http://localhost:3000/callback\"\n  ]\n  is_public    = false\n  pkce_enabled = true\n}\n\noutput \"client_id\" {\n  value = pocketid_client.web_app.id\n}\n\noutput \"client_secret\" {\n  value     = pocketid_client.web_app.client_secret\n  sensitive = true\n}\n```\n\n### 3. Create Groups and Users\n\n```hcl\n# Create a group\nresource \"pocketid_group\" \"developers\" {\n  name          = \"developers\"\n  friendly_name = \"Development Team\"\n}\n\n# Create a user\nresource \"pocketid_user\" \"john_doe\" {\n  username   = \"johndoe\"\n  email      = \"john@example.com\"\n  first_name = \"John\"\n  last_name  = \"Doe\"\n  groups     = [pocketid_group.developers.id]\n}\n```\n\n## Resources\n\n### Available Resources\n\n- `pocketid_client` - Manages OIDC client applications\n- `pocketid_user` - Manages user accounts\n- `pocketid_group` - Manages user groups\n\n### Available Data Sources\n\n- `pocketid_client` - Queries a single OIDC client\n- `pocketid_clients` - Lists all OIDC clients\n- `pocketid_user` - Queries a single user by ID or username\n- `pocketid_users` - Lists users with optional filtering\n\n## Documentation\n\nFull documentation is available on the [Terraform Registry](https://registry.terraform.io/providers/trozz/pocketid/latest/docs).\n\n### Quick Links\n\n- [Provider Configuration](https://registry.terraform.io/providers/trozz/pocketid/latest/docs)\n- [Resource: pocketid_client](https://registry.terraform.io/providers/trozz/pocketid/latest/docs/resources/client)\n- [Resource: pocketid_user](https://registry.terraform.io/providers/trozz/pocketid/latest/docs/resources/user)\n- [Resource: pocketid_group](https://registry.terraform.io/providers/trozz/pocketid/latest/docs/resources/group)\n\n## Examples\n\nSee the [examples](examples/) directory for complete working examples:\n\n- [Basic Provider Setup](examples/provider/)\n- [Complete Example](examples/complete/) - Full setup with clients, users, and groups\n- [Resource Examples](examples/resources/) - Individual resource examples\n\n## Development\n\n### Prerequisites\n\n- Go 1.20+\n- Terraform 1.0+\n- A Pocket-ID instance for testing\n\n### Building the Provider\n\n```bash\n# Clone the repository\ngit clone https://github.com/Trozz/terraform-provider-pocketid.git\ncd terraform-provider-pocketid\n\n# Install dependencies\nmake deps\n\n# Build the provider\nmake build\n\n# Install locally for testing\nmake install\n```\n\n### Running Tests\n\n**Important Note**: Due to Pocket-ID's security model, acceptance tests cannot be run in CI/CD pipelines. Pocket-ID requires:\n\n- Manual passkey registration through the web UI\n- Manual API key generation through the admin interface\n- No programmatic way to bootstrap an instance\n\n#### Unit Tests (Automated)\n\n```bash\n# Run unit tests - these run in CI\nmake test\n```\n\n#### Acceptance Tests (Manual)\n\nAcceptance tests require a manually configured Pocket-ID instance:\n\n1. Start a Pocket-ID instance\n2. Register a user with a passkey through the web UI\n3. Generate an API key in the admin interface\n4. Set environment variables:\n\n   ```bash\n   export POCKETID_BASE_URL=\"https://your-pocket-id-instance.com\"\n   export POCKETID_API_TOKEN=\"your-api-token\"\n   ```\n\n5. Run acceptance tests:\n\n   ```bash\n   make test-acc\n   ```\n\nSee [TESTING.md](TESTING.md) for detailed testing instructions and strategies.\n\n### Test Analytics\n\nThis project uses [Codecov](https://codecov.io) for code coverage and test analytics:\n\n[![codecov](https://codecov.io/gh/Trozz/terraform-provider-pocketid/branch/main/graph/badge.svg)](https://codecov.io/gh/Trozz/terraform-provider-pocketid)\n\n#### Features\n\n- **Code Coverage**: Track test coverage across all packages\n- **Test Analytics**: Monitor test performance and identify flaky tests\n- **Failed Test Reporting**: Get detailed reports on test failures\n- **PR Comments**: Automatic coverage reports on pull requests\n\n#### Running Tests with JUnit Output\n\nFor detailed test reporting, use `gotestsum`:\n\n```bash\n# Install gotestsum if not already installed\ngo install gotest.tools/gotestsum@latest\n\n# Run tests with JUnit XML output\nmake test-junit\n\n# Or run in CI format\nmake test-ci\n```\n\nThis generates:\n\n- `coverage.out` - Code coverage report\n- `junit.xml` - JUnit format test results for test analytics\n\n#### Local Coverage Report\n\nGenerate an HTML coverage report:\n\n```bash\nmake test-coverage\n# Opens coverage.html in your default browser\n```\n\n### Local Development\n\n1. Start a local Pocket-ID instance:\n\n   ```bash\n   make pocket-id-start\n   ```\n\n2. Build and install the provider:\n\n   ```bash\n   make dev\n   ```\n\n3. Use the provider in your Terraform configuration\n\n### Debugging\n\nEnable debug logging:\n\n```bash\nexport TF_LOG=DEBUG\nterraform apply\n```\n\n## Contributing\n\nContributions are welcome! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details.\n\n### How to Contribute\n\n1. Fork the repository\n2. Create your feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit your changes (`git commit -m 'Add some amazing feature'`)\n4. Push to the branch (`git push origin feature/amazing-feature`)\n5. Open a Pull Request\n\n### Development Workflow\n\n1. Write tests for your changes\n2. Ensure all tests pass (`make test-all`)\n3. Update documentation as needed\n4. Follow the existing code style\n5. Add yourself to the [CONTRIBUTORS](CONTRIBUTORS.md) file\n\n## Roadmap\n\n- [ ] Support for webhook resources\n- [ ] Bulk user import functionality\n- [ ] Enhanced policy management\n- [ ] Session management features\n- [ ] Automated passkey registration (when/if API supports it)\n\n## Support\n\n- **Issues**: [GitHub Issues](https://github.com/Trozz/terraform-provider-pocketid/issues)\n- **Discussions**: [GitHub Discussions](https://github.com/Trozz/terraform-provider-pocketid/discussions)\n- **Pocket-ID**: [Pocket-ID Repository](https://github.com/pocket-id/pocket-id)\n\n## Security\n\n### Reporting Security Issues\n\nPlease report security vulnerabilities to [security@leer.dev](mailto:security@leer.dev). Do not open public issues for\nsecurity problems.\n\n### Best Practices\n\n1. **Never commit API tokens** to version control\n2. Use environment variables or secure secret management\n3. Enable TLS verification in production\n4. Regularly rotate API tokens\n5. Follow the principle of least privilege for API tokens\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Acknowledgments\n\n- The [Pocket-ID](https://github.com/pocket-id/pocket-id) team for creating an awesome OIDC provider\n- The [Terraform Plugin Framework](https://github.com/hashicorp/terraform-plugin-framework) team\n- All [contributors](CONTRIBUTORS.md) who have helped improve this provider\n\n## Maintainers\n\n- [@trozz](https://github.com/trozz)\n\n---\n\nMade with ❤️ by the Terraform Pocket-ID Provider community\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrozz%2Fterraform-provider-pocketid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrozz%2Fterraform-provider-pocketid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrozz%2Fterraform-provider-pocketid/lists"}