Introduction
This article provides a step-by-step guide for uploading a provider to the Private Registry in HCP Terraform or Terraform Enterprise. This example uses the AzureRM provider. You can find all required files for this example on the official HashiCorp Releases site.
Prerequisites
- You must be a member of the owners team or a team with Manage Private Registry permissions to publish and delete private providers.
- You must have
jqinstalled on your local machine.
Procedure
Step 1: Download the Release Files
First, use the Releases API to get the latest version of the AzureRM provider.
$ curl https://api.releases.hashicorp.com/v1/releases/terraform-provider-azurerm/latest
Next, download the required release files for Windows and Linux from the URLs provided in the API response.
$ curl https://releases.hashicorp.com/terraform-provider-azurerm/3.46.0/terraform-provider-azurerm_3.46.0_linux_amd64.zip > terraform-provider-azurerm_3.46.0_linux_amd64.zip $ curl https://releases.hashicorp.com/terraform-provider-azurerm/3.46.0/terraform-provider-azurerm_3.46.0_windows_amd64.zip > terraform-provider-azurerm_3.46.0_windows_amd64.zip
Step 2: Create GPG Key and SHASUM Files
Create a GPG key by running the following command and following the interactive prompts.
$ gpg --full-generate-key
Next, export your GPG key. Replace <key-id> with your GPG key ID.
$ gpg --armor --export <key-id> > key.gpg
Finally, create the SHASUM and SHASUM.sig files. Ensure you use the same <key-id> for both commands if you have multiple keys.
$ shasum -a 256 *.zip > terraform-provider-azurerm_3.46.0_SHA256SUMS $ gpg --default-key <key-id> --detach-sign terraform-provider-azurerm_3.46.0_SHA256SUMS
Step 3: Upload the GPG Key
First, create a file named payload.json with the following content. Replace <org-name> with your organization name.
{
"data": {
"type": "gpg-keys",
"attributes": {
"namespace": "<org-name>",
"ascii-armor": ""
}
}
}Next, update the payload.json file with your GPG key.
$ jq --arg armor "$(cat key.gpg)" '.data.attributes."ascii-armor"=$armor' payload.json > gpg-payload.json
Set your API token, hostname, and organization name as environment variables.
$ export TOKEN=<TOKEN> $ export TFE_HOST=<TFE-HOSTNAME> $ export ORG=<ORG>
Finally, upload the GPG key. Take note of the key-id in the response, as you will need it later.
$ curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @gpg-payload.json \ https://$TFE_HOST/api/registry/private/v2/gpg-keys
Step 4: Create the Provider
Create a file named provider-endpoint-payload.json with the following content. Replace <org-name> with your organization name.
{
"data": {
"type": "registry-providers",
"attributes": {
"name": "azurerm",
"namespace": "<org-name>",
"registry-name": "private"
}
}
}Run the following command to create the provider.
$ curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @provider-endpoint-payload.json \ https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers
Step 5: Create a Provider Version
Create a file named provider-version-payload.json. Replace <key-id> with the ID from Step 3.
{
"data": {
"type": "registry-provider-versions",
"attributes": {
"version": "3.46.0",
"key-id": "<key-id>",
"protocols": [
"5.0"
]
}
}
}Run the following command to create the provider version. Take note of the shasums-upload and shasums-sig-upload links in the response.
$ curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @provider-version-payload.json \ https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers/private/$ORG/azurerm/versions
Step 6: Upload the SHASUMS Files
Upload the shasums file using the shasums-upload link from the previous step's response.
$ curl -T terraform-provider-azurerm_3.46.0_SHA256SUMS <shasums-upload>
Next, upload the shasums.sig file using the shasums-sig-upload link.
$ curl -T terraform-provider-azurerm_3.46.0_SHA256SUMS.sig <shasums-sig-upload>
Step 7: Create Provider Platforms
First, create a file named provider-platform-endpoint-linux-payload.json. Replace <shasum> with the SHA sum for the linux_amd64 file.
{
"data": {
"type": "registry-provider-version-platforms",
"attributes": {
"os": "linux",
"arch": "amd64",
"shasum": "<shasum>",
"filename": "terraform-provider-azurerm_3.46.0_linux_amd64.zip"
}
}
}Create the Linux provider platform.
$ curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @provider-platform-endpoint-linux-payload.json \ https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers/private/$ORG/azurerm/versions/3.46.0/platforms
Next, create provider-platform-endpoint-windows-payload.json. Replace <shasum> with the SHA sum for the windows_amd64 file.
{
"data": {
"type": "registry-provider-version-platforms",
"attributes": {
"os": "windows",
"arch": "amd64",
"shasum": "<shasum>",
"filename": "terraform-provider-azurerm_3.46.0_windows_amd64.zip"
}
}
}Finally, create the Windows provider platform. Take note of the provider-binary-upload links in the responses.
$ curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @provider-platform-endpoint-windows-payload.json \ https://$TFE_HOST/api/v2/organizations/$ORG/registry-providers/private/$ORG/azurerm/versions/3.46.0/platforms
Step 8: Upload Provider Binaries
Upload the Linux provider binary using the provider-binary-upload link from the previous step's response.
$ curl -T terraform-provider-azurerm_3.46.0_linux_amd64.zip <provider-binary-upload>
Upload the Windows provider binary using its corresponding provider-binary-upload link.
$ curl -T terraform-provider-azurerm_3.46.0_windows_amd64.zip <provider-binary-upload>
Additional Information
For more details on the API, refer to the official documentation on Publishing Private Providers.