bittner•2mo ago

Setting up Project and App from zero using Terraform Provider (Docker Compose)

I'm using the ZITADEL Docker Compose setup to develop locally, which I have set up roughly as documented at https://zitadel.com/docs/self-hosting/deploy/compose. Instead of having to log in to the user interface, change the admin password, and create a project and apps, I want to configure the ZITADEL service in an automated fashion, e.g. using the Terraform Provider: https://zitadel.com/docs/guides/manage/terraform-provider

The documentation says I need a "service user with enough authorization" to get started. IIUC, this means that I have to log in first and create such a service account using the human admin user (which is clearly what I want to avoid). Is there a way to configure the container in a fully automatic fashion?
4 Replies
Rajat•2mo ago
hey @bittner, welcome to the server. https://zitadel.com/docs/self-hosting/deploy/compose#docker-compose-with-service-account You can start the cluster with an IAM owner human user AND a service user.
bawsky•2mo ago
@bittner @Rajat I have this setup as well - here are my relevant bits, hope it helps. With this I get a service user with PAT and JWT key in the zitadel-data/ directory right after boot. As an added bonus, the admin human user has a pre-verified password that is easy to remember (Password1!)
```yaml
# docker-compose.yml
command: |
  start-from-init \
  --masterkey "MasterkeyNeedsToHave32Characters" \
  --steps /zitadel-init.yml
volumes:
  - ${PWD}/zitadel-init.yml:/zitadel-init.yml:ro
```
```yaml
# zitadel-init.yml
FirstInstance:
  MachineKeyPath: /zitadel-data/machine-key.json
  PatPath: /zitadel-data/pat-key.json
  Org:
    Human:
      UserName: admin
      FirstName: ZITADEL
      LastName: Admin
      NickName:
      DisplayName:
      Email:
        Address: admin@zitadel.localhost
        Verified: true
      PreferredLanguage: en
      Gender:
      Phone:
        Number:
        Verified:
      Password: 'Password1!'
      PasswordChangeRequired: false
    Machine:
      Machine:
        Username: machine-admin
        Name: machine-admin
      MachineKey:
        ExpirationDate: "2050-01-01T00:00:00Z"
        Type: 1
      Pat:
        ExpirationDate: "2050-01-01T00:00:00Z"
```
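
An added example, not part of the thread and not ZITADEL code: a small check that flags the local-development credential settings shown in the config above (literal masterkey, stored admin password, credentials valid until 2050) before the files are reused outside a dev machine. The `audit` function, the 90-day threshold and the cut-down sample input are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the credential-related settings from the thread, cut down
# to the keys the checks read (compose command line plus zitadel-init.yml).
SAMPLE = '''\
command: start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --steps /zitadel-init.yml
FirstInstance:
  PatPath: /zitadel-data/pat-key.json
  Org:
    Human:
      Password: 'Password1!'
      PasswordChangeRequired: false
    Machine:
      Pat:
        ExpirationDate: "2050-01-01T00:00:00Z"
'''

# "Key: value" on one line, value optionally quoted; not a YAML parser.
KEY_VALUE = re.compile(r"^\s*([A-Za-z]+):\s*['\"]?([^'\"#\n]*?)['\"]?\s*$")

def audit(text, now, max_days=90):
    """Return (line_number, finding) pairs for settings that must stay local-only."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if re.search(r"--masterkey\s+\S", line):
            findings.append((n, "masterkey passed as a literal on the command line"))
        m = KEY_VALUE.match(line)
        if not m or not m.group(2):
            continue  # not a key/value line, or the value is empty
        key, value = m.groups()
        if key == "Password":
            findings.append((n, "admin password stored in the steps file"))
        elif key == "PasswordChangeRequired" and value.lower() == "false":
            findings.append((n, "no forced password change at first login"))
        elif key == "ExpirationDate":
            try:
                lifetime = datetime.fromisoformat(value.replace("Z", "+00:00")) - now
            except (ValueError, TypeError):  # malformed, or no UTC offset
                findings.append((n, "unparseable expiration date"))
                continue
            if lifetime > timedelta(days=max_days):
                findings.append((n, f"credential valid for more than {max_days} days"))
        elif key in ("PatPath", "MachineKeyPath"):
            findings.append((n, f"secret written to {value}; keep it out of images and VCS"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE, datetime.now(timezone.utc)):
        print(f"line {n}: {finding}")
```
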
bawsky•2mo ago
Here's a full working example that I use myself: https://gist.github.com/Drowze/61f73176f315fe51ef6ef4bee979d4f7
Rajat•2mo ago
thank you for sharing @bawsky 🙂
