Terraform Registry

You can configure the Speakeasy Generation Action to publish a generated Terraform provider. Note that Speakeasy Terraform provider generation does not support operating in monorepo mode, as you need to create a separate repository for the Terraform provider with the appropriate name format. To publish the generated Terraform provider, you need to do the following:

  • The repository you make for the Terraform provider must:
    • Be given the name terraform-provider-{NAME}, where NAME is lowercase.
    • Be public.
  • You will need to sign your Terraform provider releases with a signing key. Create and export a signing key following the instructions in the GitHub documentation for generating a new GPG key. Generate your GPG key using either the RSA or DSA algorithm.
  • Take note of the following values:
    • The GPG private key
    • The GPG passphrase
    • The GPG public key
  • Add the ASCII-armored public key to the Terraform registry.
  • Your GPG private key and GPG passphrase will be configured automatically if they are entered into the Speakeasy CLI. Ensure that the following secrets are available to your repository:
    • The GPG private key terraform_gpg_secret_key
    • The GPG passphrase terraform_gpg_passphrase
  • The first time you publish a Terraform provider generated using the Speakeasy Generation Action, you will need to manually add it to the Terraform Registry. Subsequent updates will be published automatically. To begin this process, follow the Terraform registry instructions and agree to any Terraform terms and conditions. Note that you will need to be an organizational admin to complete this step.
  • Finally, add the following file to your .github/workflows directory to create releases for your Terraform provider using GoReleaser. If all the above steps have been completed, the HashiCorp registry will automatically pick up new changes.

# Terraform Provider release workflow.
name: Release

# This GitHub action creates a release when a tag that matches the pattern
# "v*" (e.g. v0.1.0) is created.
on:
  push:
    tags:
      - 'v*'

# Releases need permissions to read and write the repository contents.
# GitHub considers creating releases and uploading assets as writing contents.
permissions:
  contents: write

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      # Every third-party action is pinned to a full commit SHA.
      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
        with:
          # Allow goreleaser to access older tag information.
          fetch-depth: 0
      - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version-file: 'go.mod'
          cache: true
      # Loads the signing key from the repository secrets configured above.
      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0
        id: import_gpg
        with:
          gpg_private_key: ${{ secrets.terraform_gpg_secret_key }}
          passphrase: ${{ secrets.terraform_gpg_passphrase }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
        with:
          args: release --clean
        env:
          # GitHub sets the GITHUB_TOKEN secret automatically.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
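
The repository-name and key-algorithm requirements listed above can be checked locally before the first tag is pushed. The script below is an added example, not part of Speakeasy or the Terraform Registry tooling; the function names, the sample key listings and the character set accepted for NAME (lowercase letters, digits, hyphens) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight checks for the requirements listed above.

# Repository name must be terraform-provider-{NAME} with NAME lowercase.
# Assumption: NAME may contain lowercase letters, digits and hyphens.
valid_repo_name() {
  printf '%s\n' "$1" | grep -Eq '^terraform-provider-[a-z0-9][a-z0-9-]*$'
}

# Reads `gpg --list-keys --with-colons` output on stdin and prints the
# algorithm of the first primary key. In a "pub" record, field 4 is the
# OpenPGP public-key algorithm ID (1 = RSA, 17 = DSA, 19 = ECDSA, 22 = EdDSA).
primary_key_algo() {
  awk -F: '$1 == "pub" {
    if ($4 == 1) print "RSA"
    else if ($4 == 17) print "DSA"
    else if ($4 == 19) print "ECDSA"
    else if ($4 == 22) print "EdDSA"
    else print "other(" $4 ")"
    exit
  }'
}

# Succeeds only for the two algorithms the page asks for (RSA or DSA).
key_algo_ok() {
  algo=$(primary_key_algo)
  [ "$algo" = "RSA" ] || [ "$algo" = "DSA" ]
}

# usage: preflight <repo-name> <key-id-or-email>
preflight() {
  valid_repo_name "$1" || { echo "bad repository name: $1" >&2; return 1; }
  gpg --list-keys --with-colons "$2" | key_algo_ok ||
    { echo "signing key $2 is not RSA or DSA" >&2; return 1; }
  echo "ok: $1 signed with $2"
}

# Constructed sample listings (placeholder key IDs, not real keys).
SAMPLE_RSA='pub:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:'
SAMPLE_ED25519='pub:u:255:22:BBBBBBBBBBBBBBBB:1700000000:::u:::scESC:'

# Run against a real key only when both arguments are given.
if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh terraform-provider-example you@example.com` (both values are placeholders) on the machine that holds the signing key.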