The portainer_cloud_credentials resource allows you to provision cloud credentials in Portainer for use with providers like AWS, DigitalOcean, Civo, etc.
Currently working only for Portainer BE edition
resource "portainer_cloud_credentials" "example" {
name = "example-aws-creds"
cloud_provider = "aws"
credentials = jsonencode({
accessKeyId = "your-access-key"
secretAccessKey = "your-secret-key"
region = "eu-central-1"
})
}Cloud credentials are created via the /cloud/credentials API.
You can only delete credentials if they are not attached to any endpoint.
If deletion fails due to attached endpoints, an error will be thrown.
Credential values are considered sensitive and write-only.
- To destroy credentials (if unused by Portainer endpoints):
terraform destroy- To update cloud credentials, update the relevant fields and re-apply:
terraform apply| Name | Type | Required | Description |
|---|---|---|---|
name |
string | ✅ yes | Human-readable name for the cloud credentials |
cloud_provider |
string | ✅ yes | Provider name (aws, digitalocean, civo, gcp, etc.) |
credentials |
string | ✅ yes | JSON-encoded credentials payload (use jsonencode({ ... })) |
| Name | Description |
|---|---|
id |
ID of the created cloud credentials |