Mutual TLS Authentication for HTTP Backend

Open cwiph opened this issue 3 years ago • 0 comments

Current Terraform Version

Terraform v1.2.7

Use-cases

As a Terraform user, I want to store my state and lock files in HTTP-based backends that require mutual TLS authentication, for improved security and compliance reasons.

Attempted Solutions

According to the source code of the HTTP backend, there is no support for mutual TLS authentication with client certificates.

Proposal

Extend the HTTP backend to support the following parameters for mutual TLS authentication:

  • TF_HTTP_CA - path to the CA certificate
  • TF_HTTP_CLIENT_CERTIFICATE - path to the client certificate
  • TF_HTTP_CLIENT_KEY - path to the private key of the client certificate

References

  • https://venilnoronha.io/a-step-by-step-guide-to-mtls-in-go
  • https://github.com/hashicorp/terraform/tree/main/internal/backend/remote-state/http

cwiph, Aug 11 '22 09:08
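A sketch of how the three variables proposed in the issue could map onto Go's standard TLS client configuration. This is an added example, not code from the issue or from Terraform's HTTP backend. The helper name mtlsConfigFromEnv and the TLS 1.2 floor are assumptions made for illustration; only the three variable names come from the proposal.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"net/http"
	"os"
)

// mtlsConfigFromEnv is a hypothetical helper; getenv is injected so it can be tested.
func mtlsConfigFromEnv(getenv func(string) string) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	// TF_HTTP_CA: trust only this CA when verifying the backend's certificate.
	if caPath := getenv("TF_HTTP_CA"); caPath != "" {
		caPEM, err := os.ReadFile(caPath)
		if err != nil {
			return nil, fmt.Errorf("reading TF_HTTP_CA: %w", err)
		}
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, fmt.Errorf("TF_HTTP_CA contains no PEM certificates")
		}
		cfg.RootCAs = pool
	}
	// A lone certificate or key is rejected so a typo cannot silently drop client auth.
	certPath, keyPath := getenv("TF_HTTP_CLIENT_CERTIFICATE"), getenv("TF_HTTP_CLIENT_KEY")
	if (certPath == "") != (keyPath == "") {
		return nil, fmt.Errorf("TF_HTTP_CLIENT_CERTIFICATE and TF_HTTP_CLIENT_KEY must be set together")
	}
	if certPath != "" {
		pair, err := tls.LoadX509KeyPair(certPath, keyPath)
		if err != nil {
			return nil, fmt.Errorf("loading client key pair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	return cfg, nil
}

func main() {
	cfg, err := mtlsConfigFromEnv(os.Getenv)
	if err != nil {
		log.Fatal(err)
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	log.Printf("%T ready, %d client certificate(s)", client.Transport, len(cfg.Certificates))
}
```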