From JFrog Artifactory 7.38.4, the Terraform Backend repository serves as a dedicated Remote State Storage Provider. It works together with and in parallel to the Terraform registry, which also serves as the dedicated Terraform registry for hosting your modules and providers in the JFrog Platform. For more information, see Terraform Backends.
Each Terraform Module can have an associated Backend that defines how operations are executed and a state file that tracks the resources created by your configuration and maps them to real-world resources. Certain backends support multiple named workspaces, allowing multiple states to be associated with a single configuration. The configuration still has only one backend, but multiple distinct instances of that configuration can be deployed without configuring a new backend or changing authentication credentials.
JFrog Artifactory provides encryption for Terraform state files stored in its backend repositories. The state files are encrypted using the Master key. This encryption ensures that sensitive data within the Terraform state files is protected from unauthorized access. It is crucial to safeguard the master.key. If the master.key is lost the state files that rely on it for encryption will be unrecoverable. Therefore, proper measures should be taken to securely backup the master.key to prevent the loss of data secured by encryption.
Did you know?
Each Terraform configuration can specify a backend, which defines where and how operations are performed including where the snapshots are stored and more. Terraform uses persistent State data to keep track of the resources it manages and includes information on how real-world infrastructure objects correspond to the resources in a configuration. All users working on the collection of infrastructure resources need access to the same state data. For more information, see Terraform States.
State Locking
Terraform automatically locks all your operations that have the capability to change the State to prevent others from acquiring the lock and potentially damaging your state. To learn how Artifactory supports State Locking, see Viewing State and Lock Information and History
JFrog Terraform Backend Repository Meets the Hashicorp Standards
In the first half of 2022, Hashicorp announced the deprecation of a number of legacy providers, including the legacy artifactory provider, which served as a basic backend that only stored States in a generic JFrog repository, created and maintained by Hashicorp.
To avoid confusion, please note that the official JFrog Artifactory Terraform Backend repository, described in this article, is unaffected by the Hashicorp artifactory backend provider deprecation action.
As part of JFrog's alignment with the common Hashicorp main practices, the JFrog Terraform Backend repository supports the official Hashicorp enterprise-grade Terraform backend provider, and supports features such as locking, encoding of the data, smart comparisons, and additional common practices.
Federated Repositories Not Supported for Artifactory Backend Repositories
It is not possible to connect a Terraform Backend repository to a Federated repository. This limitation prevents inconsistencies in the system state, which could lead to unexpected behavior or errors.
Note
Replication of Terraform Backend Repositories is fully supported from Artifactory version 7.77.x and later.