OTS: Open Terraforming Server

A prototype open source alternative to terraform enterprise.

Functionality is currently limited:

  • State backend (state stored in a sqlite database)
  • Workspace management (supports terraform workspace commands)
  • Local execution mode (plans and applies run locally)

Getting Started

These steps will get you started with running everything on your local system. You'll setup the server, configure SSL so that terraform trusts the server, and then configure terraform. You'll then be able to run terraform commands using the server as a remote backend.


  1. Download and extract a release.

  2. Generate SSL cert and key. For example, to generate a self-signed cert and key for localhost:

    openssl req -x509 -newkey rsa:4096 -sha256 -keyout key.pem -out cert.crt -days 365 -nodes -subj '/CN=localhost' -addext 'subjectAltName=DNS:localhost'
  3. Ensure your system trusts the generated cert. For example, on Linux:

    sudo cp cert.crt /usr/local/share/ca-certificates
    sudo update-ca-certificates
  4. Run the OTS daemon:

    ./otsd -ssl -cert-file cert.crt -key-file key.pem

    The daemon runs in the foreground and can be left to run.

  5. In another terminal create an organization:

    curl -H"Accept: application/vnd.api+json" https://localhost:8080/api/v2/organizations -d'{
      "data": {
        "type": "organizations",
        "attributes": {
          "name": "mycorp",
          "email": "[email protected]"
  6. Enter some dummy credentials (this is necessary otherwise terraform will complain):

    cat > ~/.terraform.d/credentials.tfrc.json <<EOF
      "credentials": {
        "localhost:8080": {
          "token": "dummy"
  7. Configure the terraform backend and define a resource:

    cat > main.tf <<EOF
    terraform {
      backend "remote" {
        hostname = "localhost:8080"
        organization = "mycorp"
        workspaces {
          name = "dev"
    resource "null_resource" "e2e" {}
  8. Run terraform!:

    terraform init
    terraform plan
    terraform apply

Next Steps

OTS is a mere prototype but a roadmap of further features could be:

  • User AuthN/Z
  • Remote execution mode
  • Agents
  • Github integration
  • Policies (OPA?)
  • Web frontend


You'll need Go installed.

Clone the repo, and then build and install the binary using the make task:

git clone https://github.com/leg100/ots
cd ots
make install

That'll create a binary inside your go bins directory (defaults to $HOME/go/bin).