Manage Turnstile with Terraform
Terraform is a tool for building, changing, and versioning infrastructure, and provides components and documentation for building Cloudflare resources. Listed below are examples to help you get started with Turnstile using Terraform. For a more generalized guide on configuring Cloudflare and Terraform, visit our Getting Started with Terraform and Cloudflare blog post.
Create a Turnstile widget with Terraform
Create an API token
Create an API Token with the Account > Turnstile > Edit permission. Next, you need to export this secret in our environment variables:
$ export CLOUDFLARE_API_TOKEN=<YOUR_API_TOKEN>
Create a Turnstile widget
Example configuration:
cloudflare.tfterraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" version = "~> 4" } }
}
variable "account_id" { description = "Your Cloudflare Account ID." # eg: 6be2041a37d48aaaa9c686434f1709f0
}
resource "cloudflare_turnstile_widget" "example" { account_id = var.account_id name = "My Terraform-managed widget" domains = ["example.com"] mode = "managed"
}
output "turnstile_example_sitekey" { description = "Sitekey" value = cloudflare_turnstile_widget.example.id # Note: the `id` is your sitekey.
}
output "turnstile_example_secretkey" { description = "Secret key" value = cloudflare_turnstile_widget.example.secret sensitive = true
}
Initialize Terraform and the Cloudflare provider
Run the command terraform init
to set up your Terraform working directory, enabling it to interact with Cloudflare services. This process involves downloading the required provider plugins, establishing backend storage for your state files, and creating a local .terraform
directory to store configuration data.
$ terraform initInitializing the backend...Initializing provider plugins...- Reusing previous version of cloudflare/cloudflare from the dependency lock file- Installing cloudflare/cloudflare v4.5.0...- Installed cloudflare/cloudflare v4.5.0 (self-signed, key ID C76001609EE3B136)Partner and community providers are signed by their developers.If you'd like to know more about provider signing, you can read about it here:https://www.terraform.io/docs/cli/plugins/signing.htmlTerraform has been successfully initialized!You may now begin working with Terraform. Try running "terraform plan" to seeany changes that are required for your infrastructure. All Terraform commandsshould now work.If you ever set or change modules or backend configuration for Terraform,rerun this command to reinitialize your working directory. If you forget, othercommands will detect it and remind you to do so if necessary.
Review the Terraform plan
You can run terraform plan
, which will output any proposed changes. This will prompt you for your Cloudflare Account ID. Make sure to review the plan carefully:
$ terraform planvar.account_idYour Cloudflare Account ID.Enter a value: 6be2041a37d48aaaa9c686434f1709f0Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:+ createTerraform will perform the following actions:# cloudflare_turnstile_widget.example will be created+ resource "cloudflare_turnstile_widget" "example" {+ account_id = "6be2041a37d48aaaa9c686434f1709f0"+ domains = [+ "example.com",]+ id = (known after apply)+ mode = "managed"+ name = "My Terraform-managed widget"+ secret = (sensitive value)}Plan: 1 to add, 0 to change, 0 to destroy.Changes to Outputs:+ turnstile_example_secretkey = (sensitive value)+ turnstile_example_sitekey = (known after apply)───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
Apply the Terraform changes
Once the changes look accurate and you are comfortable moving forward, apply them using the terraform apply
command:
$ terraform apply --auto-approvevar.account_idYour Cloudflare Account ID.Enter a value: 6be2041a37d48aaaa9c686434f1709f0Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:+ createTerraform will perform the following actions:# cloudflare_turnstile_widget.example will be created+ resource "cloudflare_turnstile_widget" "example" {+ account_id = "6be2041a37d48aaaa9c686434f1709f0"+ domains = [+ "example.com",]+ id = (known after apply)+ mode = "managed"+ name = "My Terraform-managed widget"+ secret = (sensitive value)}Plan: 1 to add, 0 to change, 0 to destroy.Changes to Outputs:+ turnstile_example_secretkey = (sensitive value)+ turnstile_example_sitekey = (known after apply)cloudflare_turnstile_widget.example: Creating...cloudflare_turnstile_widget.example: Creation complete after 1s [id=0x4AAAAAAAEe4wQdBshJxBeK]Apply complete! Resources: 1 added, 0 changed, 0 destroyed.Outputs:turnstile_example_secretkey = <sensitive>turnstile_example_sitekey = "0x4AAAAAAAEe4wQdBshJxBeK"
You have successfuly created a Turnstile widget. Go to the Cloudflare dashboard to view its configuration and analytics in a user-friendly interface.
Retrieve the secret key
Use terraform output
to get your secret key:
$ terraform output turnstile_example_secretkey"0x4AAAAAAAEe4xWueFq9yX8ypjlimbk1Db4"