Quickstart

Prerequisites

Terraform >= 1.5
Tenant identifier (for example acme)
Org-level API key for control-plane API access (recommended for CI/CD)

Install provider

terraform {
  required_version = ">= 1.5"
 
  required_providers {
    thoth = {
      source  = "atensecurity/thoth"
      version = ">= 0.1.11"
    }
  }
}

Configure provider

provider "thoth" {
  tenant_id   = var.tenant_id
  apex_domain = "atensecurity.com" # optional
}

When api_base_url is omitted, the provider derives:

https://grid.<tenant_id>.<apex_domain>

Set api_base_url only when you need an explicit endpoint override.

API key file alternative

Use org_api_key_file instead of placing values directly in HCL:

provider "thoth" {
  tenant_id        = var.tenant_id
  org_api_key_file = pathexpand("~/.thoth/org-api-key.txt")
}

Environment variable alternative

You can export THOTH_API_KEY and omit provider auth fields:

export THOTH_API_KEY="aten_thoth_<env>_<token>"
export THOTH_TENANT_ID="acme"

THOTH_API_KEY must be an org-scoped key. THOTH_TENANT_ID is used when tenant_id is omitted.

provider "thoth" {}

Bearer token compatibility

admin_bearer_token and admin_bearer_token_file remain supported for interactive/admin session workflows. Configure either bearer token auth or org API key auth.

Minimal resource example

resource "thoth_governance_settings" "baseline" {
  compliance_profile = "soc2"
  shadow_low         = "allow"
  shadow_medium      = "step_up"
  shadow_high        = "block"
  shadow_critical    = "block"
}

Quickstart

On this page