Introducing the Storj Terraform Provider

September 1, 2022

We’re excited to announce the initial availability of our new Terraform provider for Storj! For customers who already manage infrastructure using Terraform, terraform-provider-storj allows users to declaratively manage and configure Storj buckets, access grants, and individual objects. Let’s take a quick look at what’s included. For more information, head on over to the provider’s documentation.

Prerequisites

Getting Started

First, you will need to add the provider to your Terraform file.

terraform {
  required_providers {
    storj = {
      source = "mjpitz/storj"
      version = "0.0.1"
    }
  }
}

Once added, run terraform init to download the provider from the remote registry.

# terraform init

Configuring Storj Authentication

By default, the provider will attempt to load your Storj access grant from the STORJ_ACCESS_GRANT environment variable. This value can also be configured directly on the provider and passed in using variables in the Terraform file.

variable "storj_access_grant" {
  type = string
  description = "The access grant used to authenticate the user with the Storj network"
}

provider "storj" {
  access_grant = var.storj_access_grant
}

Next, we’ll configure an access grant in the Storj UI for the provider to use. Head on over to the “Access” section of the Storj UI for the project you want to manage using Terraform.

Click on the blue “Create Access Grant” button. This will pull up a modal asking for the scope and permissions you wish to grant to the holder of the access grant. While this grant can be restricted, we will keep things rather permissive for the purpose of this walkthrough.

Once the appropriate permissions have been selected, click “Encrypt My Access” to proceed. This will generate an encryption key that is used to secure the contents that are uploaded to the Storj network. You can provide your own passphrase or generate a new one.


Click “Download .txt” and then “Encrypt My Access” to finalize and generate your access grant. Copy the generated grant and save it somewhere safe for later use.

Manage a Bucket

Buckets are a common component for folks to manage in Terraform. The resource definition in Terraform is rather simple, simply provide the name of the bucket you wish to create.

resource "storj_bucket" "application_bucket" {
  bucket = "my-application-bucket"
}

Upload an Object

Once a bucket is available, you can upload an object to it using the storj_object resource. You can point the resource at an existing file on disk, a raw string, or base64 encoded content. You can also provide additional metadata to attach to the object.

resource "storj_object" "application_bucket_object" {
  bucket = storj_bucket.application_bucket.bucket
  key = "path/to/object.json"

  # one of
  source = "path/to/object.json"
  content = "raw content"
  content_base64 = "cmF3IGNvbnRlbnQ=" 

  metadata = {
    "key1" = "value1"
    "key2" = "value2"
  }
}

Derive a New Access Grant

Finally, we rarely want to provide an application with unrestricted access to an entire bucket. Using the storj_access_grant resource, we can derive a new access grant from the provided one that’s specific to the application and limited to a new set of permissions (must be a subset of the provided access grants permissions).

resource "storj_access_grant" "terraform_grant" {
  access_grant = var.storj_access_grant

  bucket {
    name = storj_bucket.application_bucket.bucket
    paths = []
  }

  allow_download = true
  allow_upload = true
  allow_list = true
  allow_delete = true
}

By using the storj_access_grant resource, we can easily rotate access grants that are provided to applications by tainting the resource in Terraform.

Conclusion

Whether you’re an existing customer or a new one, the Storj Terraform provider provides a more integrated experience when it comes to managing the buckets your applications consume and access grants they use. This is a greenfield project that’s just getting started and we hope you’ll give it a try. Should you have any feedback or feature requests, please reach out to us by:

Share this blog post

Build on the
decentralized cloud.

Kickstart your next project and grow your revenue with this high-converting, beautifully crafted template.
Start for free