Use Backblaze B2 Terraform
    • Dark
      Light

    Use Backblaze B2 Terraform

    • Dark
      Light

    Article Summary

    Terraform is an open-source infrastructure as code (IaC) tool that was developed by HashiCorp. Instead of using imperative commands (step-by-step instructions), Terraform uses declarative code, “here’s what I want.” 

    The Backblaze B2 Cloud Storage Terraform provider lets you create and manage application keys, buckets, and upload files.

    To use the Backblaze B2 Terraform provider, you must download a Terraform binary. You can find the appropriate binary for your platform here.

    Enable Backblaze B2

    Before you begin: You must have a Backblaze B2 Cloud Storage account. You can sign up here. If you already have a Backblaze account and the left navigation menu contains a B2 Cloud Storage section, your account is already enabled for Backblaze B2.

    1. Sign in to your Backblaze account.
    2. In the left navigation menu under Account, click My Settings.
    3. Under Enabled Products, select the checkbox to enable B2 Cloud Storage.
    4. Review the Terms and Conditions, and click OK to accept them. 

    Create an Application Key in the UI

    Application keys control access to your Backblaze B2 Cloud Storage account and the buckets that are contained in your account.

    1. Sign in to your Backblaze account.
    2. In the left navigation menu under Account, click Application Keys.
    3. Click Add a New Application Key, and enter an app key name.
      You cannot search an app key by this name; therefore, app key names are not required to be globally unique. 
    4. In the Allow Access to Bucket(s) dropdown menu, select All or a specific bucket.
    5. Select your access type (for example, Read and Write).
    6. Select the optional Allow List All Bucket Names checkbox (required for the Backblaze B2 S3-compatible API List Buckets operation).
    7. Click Create New Key, and note the resulting keyID and applicationKey values.
    Note
    When you create a new app key, the response contains the actual key string, for example N2Zug0evLcHDlh_L0Z0AJhiGGdY. You can always find the keyID on this page, but for security, the applicationKey appears only once. Make sure you copy and securely save this value elsewhere.

    Create an Application Key using Terraform

    1. Enter the following code changing the values as appropriate:
      terraform {
        required_version = ">= 0.13"
        required_providers {
          b2 = {
            source  = "Backblaze/b2"
            version = "~> 0.2"
          }
        }
      }
      
      provider "b2" {
      }
      
      resource "b2_application_key" "example" {
        key_name     = "test-b2-tfp-0000000000000000000"
        capabilities = ["readFiles"]
      }
      
      data "b2_application_key" "example" {
        key_name = b2_application_key.example.key_name
      }
      
      output "application_key" {
        value = data.b2_application_key.example
      }
    2. Save this code into a file called application_key.tf.
    3. Run the following command to initialize the Terraform environment:
      $ terraform init
      The following output is returned:
      $ terraform init
      
      Initializing the backend...
      
      Initializing provider plugins...
      - Reusing previous version of backblaze/b2 from the dependency lock file
      - Using previously-installed backblaze/b2 v0.2.1
      
      Terraform has been successfully initialized!
      
      You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.
      
      If you ever set or change modules or backend configuration for Terraform,
      rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
    4. Run the following command to create and run your Terraform plan:
      terraform plan -out=application_key.out
      The following output is returned:
      $ terraform plan -out=application_key.out
      
      An execution plan has been generated and is shown below.
      Resource actions are indicated with the following symbols:
        + create
       <= read (data resources)
      
      Terraform will perform the following actions:
      
        # data.b2_application_key.example will be read during apply
        # (config refers to values not yet known)
       <= data "b2_application_key" "example"  {
            + application_key_id = (known after apply)
            + bucket_id          = (known after apply)
            + capabilities       = (known after apply)
            + id                 = (known after apply)
            + key_name           = "test-b2-tfp-0000000000000000000"
            + name_prefix        = (known after apply)
            + options            = (known after apply)
          }
      
        # b2_application_key.example will be created
        + resource "b2_application_key" "example" {
            + application_key    = (sensitive value)
            + application_key_id = (known after apply)
            + capabilities       = [
                + "readFiles",
              ]
            + id                 = (known after apply)
            + key_name           = "test-b2-tfp-0000000000000000000"
            + options            = (known after apply)
          }
      
      Plan: 1 to add, 0 to change, 0 to destroy.
      
      ------------------------------------------------------------------------
      
      This plan was saved to: application_key.out
      
      To perform exactly these actions, run the following command to apply:
          terraform apply "application_key.out"
      Terraform indicates that it wants to add 1 key, change 0, and destroy 0.
    5. If you are satisfied with the plan, run the following command to apply the plan:
      $ terraform apply application_key.out
      The following output is returned:
      $ terraform apply application_key.out
      b2_application_key.example: Creating...
      b2_application_key.example: Creation complete after 4s [id=0000000000000000000000000]
      data.b2_application_key.example: Reading...
      data.b2_application_key.example: Read complete after 4s [id=0000000000000000000000000]
      
      Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
      
      The state of your infrastructure has been saved to the path
      below. This state is required to modify and destroy your
      infrastructure, so keep it safe. To inspect the complete state
      use the `terraform show` command.
      
      State path: terraform.tfstate
    6. Run the following command to clean up the application key that you created, and enter yes when prompted:
      $ terraform destroy
      The following output is returned:
      $ terraform destroy
      
      An execution plan has been generated and is shown below.
      Resource actions are indicated with the following symbols:
      - destroy
      
      Terraform will perform the following actions:
      
      # b2_application_key.example will be destroyed
      - resource "b2_application_key" "example" {
      - application_key = (sensitive value)
      - application_key_id = "0000000000000000000000000" -> null
      - capabilities = [
      - "readFiles",
      ] -> null
      - id = "0000000000000000000000000" -> null
      - key_name = "test-b2-tfp-0000000000000000000" -> null
      - options = [
      - "s3",
      ] -> null
      }
      
      Plan: 0 to add, 0 to change, 1 to destroy.
      
      Do you really want to destroy all resources?
      Terraform will destroy all your managed infrastructure, as shown above.
      There is no undo. Only 'yes' will be accepted to confirm.
      
      Enter a value: yes
      
      b2_application_key.example: Destroying... [id=0000000000000000000000000]
      b2_application_key.example: Destruction complete after 3s
      
      Destroy complete! Resources: 1 destroyed.

    Set Environmental Variables

    Run the following command to set your application key and application key ID environmental variables to read at runtime:

    $ export B2_APPLICATION_KEY_ID=0000000000000000000000000
    $ export B2_APPLICATION_KEY=0000000000000000000000000000000