Manage Ory Network with Terraform

Official Ory provider

Unlike most pages in this section, the Terraform provider is officially maintained by Ory Engineering. The canonical, always-current reference is the provider documentation on the Terraform Registry. This page is a quick-start orientation; the registry docs win if they disagree.

The official ory/ory Terraform provider manages Ory Network resources as infrastructure-as-code — identity schemas, OAuth2 clients, project configuration, identities, organizations, permissions, and webhooks. Source lives at github.com/ory/terraform-provider-ory.

The provider is also published on the OpenTofu registry under the same ory/ory source, so the configuration below works identically under tofu.

Note: This provider targets Ory Network only; it does not manage self-hosted Ory deployments. For self-hosted, use the Helm charts or raw Kubernetes manifests.

Quick start

terraform {
  required_providers {
    ory = {
      source  = "ory/ory"
      version = "~> 1.0"
    }
  }
}

provider "ory" {
  # Or set the ORY_API_KEY env var.
  api_key = var.ory_api_key
  # Project slug or SDK URL; also via ORY_PROJECT / ORY_SDK_URL.
  project = var.ory_project_slug
}
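
The quick start references var.ory_api_key and var.ory_project_slug without declaring them. The declarations below are an added example, not taken from the Ory documentation or the provider repository; the variable names come from the quick start, while the descriptions and validation rules are assumptions.

```hcl
# Added example: declarations for the two variables used in the quick start.
# The validation rules are assumptions, not requirements stated by the provider.

variable "ory_api_key" {
  description = "Ory Network API key (Workspace or Project key, matching the resources managed)."
  type        = string
  sensitive   = true # redacted in plan and apply output
  nullable    = false

  # No default on purpose: supply the value at run time, for example through
  # the TF_VAR_ory_api_key environment variable populated from a CI secret
  # store, so the key never lands in a committed .tf or .tfvars file.

  validation {
    condition     = trimspace(var.ory_api_key) != ""
    error_message = "The ory_api_key variable must not be empty."
  }
}

variable "ory_project_slug" {
  description = "Slug of the Ory Network project this configuration manages."
  type        = string
  nullable    = false

  validation {
    condition     = trimspace(var.ory_project_slug) != ""
    error_message = "The ory_project_slug variable must not be empty."
  }
}
```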

A canonical example layout — with ory_identity_schema, ory_oauth2_client, ory_project_config, and ory_webhook resources plus a multi-environment module — is published in the provider repository's examples/ directory.

Notable behaviours

  • Many ory_project_config attributes were renamed to follow the OpenAPI spec naming convention. Old names still work but emit deprecation warnings; the migration script in the provider repo rewrites your .tf files.
  • Ory uses two API key types: Workspace API keys and Project API keys. Use the right key for the right resource: Workspace keys can manage projects; Project keys can manage in-project resources.
  • Existing resources created via the Ory Console or CLI can be adopted with terraform import ory_<resource>.<name> <id>.

Resources