Skip to content

Commit 710c4c3

Browse files
loafoeloafoe
authored
Update README.md
1 parent 523ce62 commit 710c4c3

File tree

1 file changed

+8
-7
lines changed

1 file changed

+8
-7
lines changed

README.md

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11
# terraform-backend-hsdp
22
An extendable HTTP backend implementation for terraform
33

4-
# Features
4+
## Features
55

66
* Encrypt state at rest with AES-256-GCM
77
* Extensible store: currently supports S3, more to come
88
* HSDP UAA integration: use LDAP / functional account credentials for auth
99
* Allow list support: restrict use of an instance backend to specific accounts
1010

11-
# Overview
11+
## Overview
1212

1313
The primary goal of this project is to offer storage of [Terraform state](https://www.terraform.io/docs/state/index.html) on the HSDP platform with little to no setup required.
1414
Currently, we use CF credentials to authenticate access to the backend.
@@ -18,18 +18,18 @@ Future iterations may introduce service key credentials similar to the HSDP Dock
1818

1919
The core is derived from [bhoriuchi/terraform-backend-http](https://github.com/bhoriuchi/terraform-backend-http)
2020

21-
# Install
21+
## Install
2222
When self-hosting, you should deploy both the S3 bucket and the application deployment
2323
in a separate space in order to limit who has access. Terraform state will contain operator
2424
level secrets so only operators within your organization should have access.
2525

26-
## Provision an S3 bucket
26+
### Provision an S3 bucket
2727
Create an S3 bucket:
2828
```shell
2929
cf cs hsdp-s3 s3_bucket my-tfstate-bucket
3030
```
3131

32-
## Deploy the service
32+
### Deploy the service
3333

3434
Use the following `manifest.yml` as an example
3535

@@ -62,13 +62,14 @@ cf push -f manifest.yml
6262
After a few seconds you should have a running backend
6363

6464
## Configuration
65+
6566
| Environment | Description | Required | Default |
6667
|-------------|-------------|----------|---------|
6768
| TFSTATE\_KEY | The encryption key for storage at rest | `Yes` | |
6869
| TFSTATE\_ALLOW\_LIST | Comma separated list of allows users | `No` |`""` (every valid LDAP user can access) |
6970
| TFSTATE\_REGIONS | The HSDP regions to validate LDAP accounts in | `No` | `"us-east,eu-west"` |
7071

71-
# Usage
72+
## Usage
7273

7374
### 1. Add a `backend.tf` to your terraform definition containing
7475

@@ -115,5 +116,5 @@ terraform apply
115116
...
116117
```
117118

118-
# License
119+
## License
119120
License is MIT

0 commit comments

Comments
 (0)