Terraform Provider for TigerTrust
The TigerTrust Terraform provider enables infrastructure-as-code practices for certificate lifecycle management. Define, deploy, and manage certificates alongside your infrastructure using familiar Terraform workflows.
Provider Configuration
Configure the TigerTrust provider:
terraform {
  required_providers {
    tigertrust = {
      source  = "tigertrust/tigertrust"
      version = "~> 1.0"
    }
  }
}

provider "tigertrust" {
  api_key = var.tigertrust_api_key
  api_url = "https://api.tigertrust.io"
  org_id  = var.tigertrust_org_id
}
Certificate Resources
Define certificates as Terraform resources:
resource "tigertrust_certificate" "api_gateway" {
  name        = "api-gateway-cert"
  common_name = "api.example.com"

  san_dns_names = [
    "api.example.com",
    "api-v2.example.com"
  ]

  issuer = "enterprise-ca"

  validity {
    duration_days = 365
  }

  auto_renewal {
    enabled     = true
    days_before = 30
  }

  deployment {
    type   = "aws-acm"
    region = "us-east-1"
  }

  tags = {
    environment = "production"
    team        = "platform"
  }
}
Policy Resources
Define certificate policies as code:
resource "tigertrust_policy" "production_certs" {
  name        = "production-certificate-policy"
  description = "Policy for production certificates"

  requirements {
    min_key_size      = 2048
    allowed_key_types = ["RSA", "ECDSA"]
    max_validity_days = 365
    require_san       = true
  }

  allowed_issuers = [
    tigertrust_issuer.enterprise_ca.id
  ]

  notification {
    channels           = ["slack", "email"]
    days_before_expiry = [30, 14, 7, 1]
  }

  enforcement {
    mode = "enforce" # or "audit"
  }
}
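An added example, not part of the TigerTrust provider or its documentation: a pre-apply check that reads `terraform show -json` plan output and flags planned `tigertrust_certificate` resources that break the `max_validity_days` and `require_san` requirements above. The plan is a constructed sample, `tigertrust_certificate.legacy` is a hypothetical resource, and the way the `validity` block appears in plan JSON (one-item list or object) is an assumption about the provider's schema.

```python
import json

# Thresholds copied from the production_certs policy on this page.
MAX_VALIDITY_DAYS = 365
REQUIRE_SAN = True

# Constructed sample in the shape of `terraform show -json` plan output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "tigertrust_certificate.api_gateway",
     "type": "tigertrust_certificate",
     "change": {"actions": ["create"], "after": {
         "san_dns_names": ["api.example.com", "api-v2.example.com"],
         "validity": [{"duration_days": 365}]}}},
    {"address": "tigertrust_certificate.legacy",  # hypothetical resource
     "type": "tigertrust_certificate",
     "change": {"actions": ["update"], "after": {
         "san_dns_names": [],
         "validity": [{"duration_days": 730}]}}},
    {"address": "aws_lb_listener.https", "type": "aws_lb_listener",
     "change": {"actions": ["create"], "after": {"port": 443}}},
]})

def first_block(value):
    """Nested blocks may appear as a one-item list or an object; accept both."""
    if isinstance(value, list):
        return value[0] if value else {}
    return value or {}

def check_plan(plan_json):
    """Return (address, problem) pairs for planned certificates that break policy."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "tigertrust_certificate" or after is None:
            continue  # other resource types, or a destroy (after is null)
        days = first_block(after.get("validity")).get("duration_days")
        if not isinstance(days, int):
            findings.append((rc["address"], "validity duration not known at plan time"))
        elif days > MAX_VALIDITY_DAYS:
            findings.append((rc["address"], f"validity {days} days exceeds {MAX_VALIDITY_DAYS}"))
        if REQUIRE_SAN and not after.get("san_dns_names"):
            findings.append((rc["address"], "no SAN DNS names"))
    return findings

if __name__ == "__main__":
    for address, problem in check_plan(SAMPLE_PLAN):
        print(f"{address}: {problem}")
```

In a pipeline, pass it the output of `terraform show -json` for the saved plan file and fail the job when the returned list is non-empty.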
Data Sources
Query existing certificates and resources:
data "tigertrust_certificate" "existing" {
  common_name = "app.example.com"
}

data "tigertrust_certificates" "expiring_soon" {
  filter {
    expires_within_days = 30
    environment         = "production"
  }
}

output "expiring_certificates" {
  value = data.tigertrust_certificates.expiring_soon.certificates
}
Integration with Other Providers
Use TigerTrust certificates with other Terraform providers:
# AWS ALB with TigerTrust certificate
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.main.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = tigertrust_certificate.api_gateway.aws_acm_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.main.arn
  }
}

# Kubernetes secret with TigerTrust certificate
resource "kubernetes_secret" "tls" {
  metadata {
    name      = "app-tls"
    namespace = "production"
  }

  type = "kubernetes.io/tls"

  # The private key value is recorded in Terraform state;
  # restrict access to the state backend and encrypt it at rest.
  data = {
    "tls.crt" = tigertrust_certificate.api_gateway.certificate_pem
    "tls.key" = tigertrust_certificate.api_gateway.private_key_pem
  }
}
Modules
Create reusable certificate modules:
module "web_certificate" {
  source = "./modules/tigertrust-certificate"

  name        = "web-app"
  domain      = "app.example.com"
  environment = "production"

  deploy_to = {
    aws_acm    = true
    kubernetes = true
  }
}
State Management
The TigerTrust provider supports all Terraform state operations:
- Import existing certificates
- State refresh for certificate updates
- Proper resource dependencies
- Sensitive data handling
OpenTofu Compatibility
The TigerTrust provider is fully compatible with OpenTofu, the open-source Terraform alternative.
Achieve infrastructure-as-code for your entire certificate lifecycle with TigerTrust and Terraform.