Resource
bahriya_project
The namespace that groups containers, secrets, registries, and cache instances. Define regions, and let the platform manage namespace quotas.
Terraform Provider
Your infrastructure, declared in code
The official Bahriya provider for HashiCorp Terraform. Define projects, containers, secrets, registries, Memcached, vault items, and config items in .tf files, review changes in pull requests, and apply them from a pipeline — alongside the rest of your infrastructure.
Published on the HashiCorp Registry
Install the provider with terraform init— no manual downloads, no local builds. The provider is published on the HashiCorp Terraform Registry with cross-platform binaries for Linux, macOS, Windows, and FreeBSD on AMD64 and ARM64.
Full resource coverage
Every resource type on the platform is supported: projects, HTTP containers, workers, cron jobs, registries, secrets, Memcached, vault items (TLS bundles, X.509 certs, GPG and SSH keypairs, encryption keys), and config items (env files, YAML / JSON / plain text). Three data sources round it out — query your organisation, look up a region, or list all regions with a status filter.
Composable with your stack
Bahriya resources sit alongside your DNS provider, monitoring, CI/CD, and anything else you manage with Terraform. One plan, one apply, one state file. No context-switching between tools.
Built for CI/CD
Set BAHRIYA_TOKEN and BAHRIYA_ORGANISATION_ID as pipeline secrets. Run terraform plan on pull requests and terraform applyon merge — no interactive prompts, no manual steps.
Resources
Full coverage of the Bahriya platform
Every resource type on the platform — with create, read, update, delete, and import. Three data sources for dynamic lookups.
Resource
bahriya_container
HTTP services, background workers, and scheduled cron jobs. Supports autoscaling, environment variables, secrets, custom hostnames, rate limiting, basic auth, Prometheus scraping, proxy caching, init jobs, and persistent volumes.
Resource
bahriya_memcached
Managed Memcached instances with configurable memory, node count, cluster mode, connection limits, and item size. Accessible within your project on port 11211.
Resource
bahriya_registry
Credentials for pulling images from private container registries — GitHub, Docker Hub, AWS ECR, or any OCI-compatible registry.
Resource
bahriya_secret
Encrypted values injected into containers as environment variables. Secrets are encrypted at rest and never returned in plaintext by the API.
Resources
Vault items
TLS bundles, X.509 certs, GPG keypairs, SSH keypairs, and encryption keys. Versioned with rotation history; mount into containers as files or attach to projects to share across regions.
Resources
Config items
Env files (injected as env vars), YAML, JSON, and plain text configs (mounted as files). Update content in your .tf, run apply, and file-mounted containers pick up the new version automatically.
Resource
Project attachments
bahriya_project_*_attachmentresources bind a vault or config item to a project, making it available in the project's regions. Detach with one line — the API blocks detach if a container still references the item.
Data sources
Organisation, Region, Regions
Look up your current organisation, query a region by ID, or list all active regions. Use the regions data source to dynamically select deployment targets.
Getting started
From zero to deployed in minutes
Add the provider, set two environment variables, and start defining resources.
Configure
main.tf
terraform {
required_providers {
bahriya = {
source = "bahriya-cloud/bahriya"
version = "~> 0.1"
}
}
}
provider "bahriya" {}
terminal
$ export BAHRIYA_TOKEN="pat_..."
$ export BAHRIYA_ORGANISATION_ID="..."
$ terraform init
Deploy
main.tf
resource "bahriya_project" "web" {
handle = "web-prod"
name = "Web Production"
regions = ["falkenstein-1"]
}
resource "bahriya_container" "api" {
handle = "api"
name = "API Server"
image = "nginx:alpine"
containerport = "80"
healthcheckpath = "/"
mincpu = "100"
minmemory = "128"
autoscalingminreplicas = "1"
activeregions = ["falkenstein-1"]
project = bahriya_project.web.id
}
Workflow
Preview every change before it happens
Terraform's plan/apply cycle shows you exactly what will be created, updated, or destroyed — before anything changes.
terminal
$ terraform plan
Terraform will perform the following actions:
# bahriya_project.web will be created
+ resource "bahriya_project" "web" {
+ handle = "web-prod"
+ name = "Web Production"
+ regions = ["falkenstein-1"]
}
# bahriya_container.api will be created
+ resource "bahriya_container" "api" {
+ handle = "api"
+ image = "nginx:alpine"
+ containerport = "80"
+ status = (known after apply)
}
Plan: 2 to add, 0 to change, 0 to destroy.
$ terraform apply
bahriya_project.web: Creating...
bahriya_project.web: Creation complete [id=065df92e-...]
bahriya_container.api: Creating...
bahriya_container.api: Still creating... [2m0s elapsed]
bahriya_container.api: Creation complete [id=17a3c8b1-...]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Why teams choose Terraform for Bahriya
Version-controlled infrastructure
Commit your .tf files alongside application code. Review infrastructure changes in pull requests with the same process you use for code.
Repeatable environments
Spin up identical staging and production environments from the same configuration. No drift, no manual steps, no surprises.
Composable with everything
Manage Bahriya resources alongside DNS, monitoring, CI/CD, and other cloud providers in a single Terraform workspace.
Import existing resources
Already running on Bahriya? Import your existing projects, containers, and secrets into Terraform state without recreating them.
Documentation
Full provider documentation
Installation guides, per-resource examples, field references, and a complete working configuration covering every resource type.
Define your infrastructure in code
Install the Bahriya Terraform provider and start managing your infrastructure declaratively.