Manage Authentik Resources in Terraform

In this video, I show how to manage Authentik resources with Terraform, including provider setup, outposts, and applications.

Instructions

Prerequisites

  • Set secure variables for AUTHENTIK_URL and AUTHENTIK_TOKEN (do not hardcode tokens).
  • Terraform project initialized for the goauthentik/authentik provider.

Provider configuration

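terraform {
  # Provider requirements must sit inside a required_providers block.
  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
      version = "2025.6.0"
    }
  }
}

# URL and API token come from variables, never from literals in this file.
provider "authentik" {
  url   = var.AUTHENTIK_URL
  token = var.AUTHENTIK_TOKEN
}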

Add AUTHENTIK_URL and AUTHENTIK_TOKEN to your environment/secret manager and reference them as variables.
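
The provider block reads var.AUTHENTIK_URL and var.AUTHENTIK_TOKEN, so both must be declared in the project. One way to declare them, as an added example that is not from the original page; the HTTPS and non-empty checks are assumptions about what you want to enforce:

```hcl
# Added example: declarations for the variables the provider block uses.
variable "AUTHENTIK_URL" {
  type        = string
  description = "Base URL of the authentik instance"

  validation {
    # Refuse plain HTTP so the API token is never sent unencrypted.
    condition     = can(regex("^https://", var.AUTHENTIK_URL))
    error_message = "AUTHENTIK_URL must start with https://."
  }
}

variable "AUTHENTIK_TOKEN" {
  type        = string
  description = "authentik API token used by the provider"
  sensitive   = true # redacted in plan and apply output

  validation {
    condition     = length(var.AUTHENTIK_TOKEN) > 0
    error_message = "AUTHENTIK_TOKEN must not be empty."
  }
}

# Neither variable has a default, so no secret lives in the repository.
# Supply the values at run time, for example from the environment, where
# Terraform maps TF_VAR_<name> to var.<name>:
#   TF_VAR_AUTHENTIK_URL, TF_VAR_AUTHENTIK_TOKEN
```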

Create a proxy provider (example)

  • Look up the flows used by the provider via data sources, then create the proxy provider.

data "authentik_flow" "default-authorization-flow" {
  slug = "default-provider-authorization-implicit-consent"
}

data "authentik_flow" "default-invalidation-flow" {
  slug = "default-provider-invalidation-flow"
}

resource "authentik_provider_proxy" "nginx-test-1" {
  name                  = "nginx_test_1"
  mode                  = "forward_single"  # one of: proxy, forward_single, forward_domain
  access_token_validity = "hours=24"
  external_host         = "https://nginx-test-1.srv-prod-1.home.clcreative.de"
  authorization_flow    = data.authentik_flow.default-authorization-flow.id
  invalidation_flow     = data.authentik_flow.default-invalidation-flow.id
}

Create an application

resource "authentik_application" "nginx_test_1" {
  name              = "nginx_test_1"
  slug              = "nginx_test_1"
  protocol_provider = authentik_provider_proxy.nginx-test-1.id
}

  • Example Traefik middleware label: traefik.http.routers.nginx-test-1.middlewares=authentik-prod-1-middleware@file

Christian Lempa
Author