Knox is a simple and secure Terraform backend.
- Simple: Knox is a simple and secure Terraform backend.
- Secure: Knox uses a secure and encrypted storage backend.
- Fast: Knox is fast and lightweight.
- Versioned: Knox supports versioning of the Terraform state.
Knox has a team-based management of the Terraform state. It is designed to be used in a multi-team environment where each team has its own workspace.
Knox is using OpenFGA as authorization backend.
To use Knox as a Terraform backend, you need to configure the backend in your Terraform configuration file.
The url contains the team/project/environment name. The team is the team name, the project is the project name, and the environment is the environment name.
terraform {
backend "http" {
username = "super"
password = "secret"
address = "http://localhost:8084/client/zeiss/demo/dev/state"
lock_address = "http://localhost:8084/client/zeiss/demo/dev/lock"
unlock_address = "http://localhost:8084/client/zeiss/demo/dev/unlock"
lock_method = "POST"
unlock_method = "POST"
}
}There is a Helm chart available for Knox. You can find it in the helm/charts directory.
Knox requires a PostgreSQL database to store the state. CockroachDB is recommended for production use.
helm repo add knox https://zeiss.github.io/knox/helm/charts
helm repo update
helm search repo knox