How To Store Terraform State in Consul KV Store

Posted on 239 views

Terraform stores its configuration and information about the infrastructure it manages in a file called state file. The state is used to keep track of the metadata and to map actual resources to a configuration. By default, you’ll have this state file locally in your projects folder, named terraform.tfstate.

It is a security recommendation to keep Terraform states in a highly available remote data storage location. A remote state enables sharing between team members. Terraform supports storing state in:

  • Terraform Cloud
  • HashiCorp Consul
  • Amazon S3
  • Google Cloud Storage (GCS)
  • Alibaba Cloud OSS
  • Swift
  • Etcd
  • http
  • Among others

In this guide, we’ll explore how you can store your Infrastructure state in HashiCorp Consul KV data store. This backend supports state locking and good for state sharing among team members.

Step 1: Setup Consul Cluster

You need to have a working Consul cluster before you can proceed with the setup. We have complete articles only focused on installation:

Step 2: Configure Terraform to use Consul

Edit your Terraform file and configure Consul backend store.

# Backend
#  backend "local" 
#    path = "terraform.tfstate"

  backend "consul" 
    address  = ""
    scheme   = "http"
    path     = "tf/terraform.tfstate"
    lock     = true
    gzip     = false


  • is the URL to your Consul cluster
  • tf/terraform.tfstate is path in the Consul KV store.
  • lock – Locks your state for all operations that could write state
  • gzip – Used to compress the state data using gzip

If you have ACL authentication, you need to set:

  • access_token / CONSUL_HTTP_TOKEN – (Required) Access token

Initialize your new or existing Terraform working directory:

$ terraform init -upgrade=true
Upgrading modules...
Initializing the backend...

Successfully configured the backend "consul"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

$ terraform apply

If you navigate to Key/Value section in your Consul UI, you’ll see the path written.


You can read the contents of the state file:


Ref: Consul Backend configuration for Terraform

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.