Terraform Provider for Pinecone

The Terraform Provider for Pinecone allows Terraform to manage Pinecone resources including indexes, collections, API keys, and projects.

Note: We take Terraform's security and our users' trust very seriously. If you believe you have found a security issue in the Terraform Provider for Pinecone, please responsibly disclose it by contacting us.

Requirements

• Terraform >= v1.4.6
• Go >= 1.20. This is necessary to build the provider plugin.

Installing the provider

The provider is registered in the official Terraform registry. This enables the provider to be auto-installed when you run terraform init. You can also download the latest binary for your target platform from the releases tab.

Building the provider

Follow these steps to build the Terraform Provider for Pinecone:

1. Clone the repository using the following command:

   sh $ git clone https://github.com/pinecone-io/terraform-provider-pinecone
   

2. Build the provider using the following command. The install directory depends on the GOPATH environment variable.

   sh $ go install .  
   

Usage

You can enable the provider in your Terraform configuration by adding the following to your Terraform configuration file:

terraform {
  required_providers {
    pinecone = {
      source = "pinecone-io/pinecone"
    }
  }
}

Authentication

The Terraform Provider for Pinecone supports two types of authentication depending on the operations you need to perform:

Regular Operations (Indexes, Collections)

For managing indexes and collections, you need a Pinecone API Key.

As a PINECONE_API_KEY environment variable

You can configure the Pinecone client using environment variables to avoid setting sensitive values in the Terraform configuration file. To do so, set PINECONE_API_KEY to your Pinecone API Key. Then the provider declaration is simply:

provider "pinecone" {}

As part of the provider declaration

If your API key was set as an Input Variable, you can use that value in the declaration. For example:

provider "pinecone" {
  api_key = var.pinecone_api_key
}

Remember, your API Key should be a protected secret. See how to protect sensitive input variables when setting your API Key this way.

Admin Operations (API Key and Project Management)

For creating and managing API keys and projects, you need admin credentials (Client ID and Client Secret).

Using Environment Variables

Set the following environment variables:

• PINECONE_CLIENT_ID: Your Pinecone Client ID
• PINECONE_CLIENT_SECRET: Your Pinecone Client Secret

provider "pinecone" {}

Using Provider Configuration

provider "pinecone" {
  client_id     = var.pinecone_client_id
  client_secret = var.pinecone_client_secret
}

Example: Creating a Project

# Create a basic project
resource "pinecone_project" "example" {
  name = "my-production-project"
}

# Create a project with CMEK encryption
resource "pinecone_project" "encrypted" {
  name                        = "secure-project"
  force_encryption_with_cmek  = true
}

# Create a project with custom pod limits
resource "pinecone_project" "custom_pods" {
  name     = "high-capacity-project"
  max_pods = 10
}

Note: Admin credentials are required for API key and project management operations. Regular API keys cannot be used to create or manage other API keys or projects.

API Key Management

The Terraform Provider for Pinecone supports creating and managing Pinecone API keys. This is useful for automating the creation of API keys for different environments or applications.

Available Roles

The following roles can be assigned to API keys:

• ProjectEditor: Full access to project resources (default)
• ProjectViewer: Read-only access to project resources
• ControlPlaneEditor: Full access to control plane operations
• ControlPlaneViewer: Read-only access to control plane operations
• DataPlaneEditor: Full access to data plane operations
• DataPlaneViewer: Read-only access to data plane operations

Project Management

The Terraform Provider for Pinecone supports creating and managing Pinecone projects. This is useful for organizing your Pinecone resources and managing project-level configurations.

Project Features

• Project Creation: Create new projects with custom names
• CMEK Encryption: Enable customer-managed encryption keys for enhanced security
• Pod Limits: Configure maximum number of pods per project

Project Configuration Options

• name: The name of the project (required)
• force_encryption_with_cmek: Enable CMEK encryption (optional, cannot be disabled once enabled)
• max_pods: Maximum number of pods allowed in the project (optional, default varies by plan)

Note: Project management requires admin credentials (Client ID and Client Secret). Regular API keys cannot be used to manage projects.

Documentation

Documentation can be found on the Terraform Registry.

Examples

See the examples for example usage.

Support

Please create an issue for any support requests.

Contributing

Thank you to skyscrapr for developing this Terraform Provider. The original repository can be found at skyscrapr/terraform-provider-pinecone. He continues to be the primary developer of this codebase.

We welcome all contributions. If you identify issues or improvements, please create an issue or pull request.