terraform-provider-tor/docs/resources/obfs4_state.md

---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "tor_obfs4_state Resource - tor"
subcategory: ""
description: |-
  Generates obfs4 state and certificate for Tor bridges using external relay identity keys
---

# tor_obfs4_state (Resource)

Generates obfs4 state and certificate for Tor bridges using external relay identity keys

## Example Usage

```terraform
# Copyright (c) Abel Luck <abel@guardianproject.info>
# SPDX-License-Identifier: GPL-3.0-or-later

terraform {
  required_providers {
    tor = {
      source = "guardianproject/tor"
    }
  }
}

provider "tor" {}

# Example: Generate obfs4 state using existing identity keys
resource "tor_relay_identity_rsa" "bridge" {
  key_size = 2048
}

resource "tor_relay_identity_ed25519" "bridge" {}

resource "tor_obfs4_state" "example" {
  rsa_identity_private_key     = tor_relay_identity_rsa.bridge.private_key_pem
  ed25519_identity_private_key = tor_relay_identity_ed25519.bridge.private_key_pem
}

output "certificate" {
  description = "obfs4 certificate for bridge line generation"
  value       = tor_obfs4_state.example.certificate
}

output "iat_mode" {
  description = "obfs4 IAT mode setting"
  value       = tor_obfs4_state.example.iat_mode
}

output "state_json" {
  description = "Complete obfs4 state in JSON format"
  value       = tor_obfs4_state.example.state_json
  sensitive   = true
}

# Example: Generate complete bridge line using all components
data "tor_obfs4_bridge_line" "example" {
  ip_address                = "203.0.113.1"
  port                      = 9001
  identity_fingerprint_sha1 = tor_relay_identity_rsa.bridge.public_key_fingerprint_sha1
  obfs4_state_certificate   = tor_obfs4_state.example.certificate
  obfs4_state_iat_mode      = tor_obfs4_state.example.iat_mode
}

output "bridge_line" {
  description = "Complete bridge line for clients"
  value       = data.tor_obfs4_bridge_line.example.bridge_line
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `ed25519_identity_private_key` (String, Sensitive) Ed25519 identity private key in PEM format (from tor_relay_identity_ed25519 resource)
- `rsa_identity_private_key` (String, Sensitive) RSA identity private key in PEM format (from tor_relay_identity_rsa resource)

### Optional

- `iat_mode` (Number) Inter-Arrival Time mode (0=none, 1=enabled, 2=paranoid)

### Read-Only

- `bridge_line` (String) Complete bridge line ready for client use (placeholder IP and fingerprint)
- `certificate` (String) Base64-encoded certificate for bridge lines
- `drbg_seed` (String, Sensitive) 24-byte DRBG seed in hex format
- `id` (String) Resource identifier
- `node_id` (String) 20-byte node ID in hex format
- `private_key` (String, Sensitive) 32-byte Curve25519 private key in hex format
- `public_key` (String) 32-byte Curve25519 public key in hex format
- `state_json` (String) Complete obfs4 state in JSON format
First working version 2025-06-03 13:23:45 +02:00			`---`
			`# generated by https://github.com/hashicorp/terraform-plugin-docs`
			`page_title: "tor_obfs4_state Resource - tor"`
			`subcategory: ""`
			`description: \|-`
			`Generates obfs4 state and certificate for Tor bridges using external relay identity keys`
			`---`

			`# tor_obfs4_state (Resource)`

			`Generates obfs4 state and certificate for Tor bridges using external relay identity keys`

Complete examples 2025-06-03 13:33:14 +02:00			`## Example Usage`
First working version 2025-06-03 13:23:45 +02:00
Complete examples 2025-06-03 13:33:14 +02:00			```terraform
			`# Copyright (c) Abel Luck <abel@guardianproject.info>`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

			`terraform {`
			`required_providers {`
			`tor = {`
			`source = "guardianproject/tor"`
			`}`
			`}`
			`}`

			`provider "tor" {}`

			`# Example: Generate obfs4 state using existing identity keys`
			`resource "tor_relay_identity_rsa" "bridge" {`
			`key_size = 2048`
			`}`

			`resource "tor_relay_identity_ed25519" "bridge" {}`

			`resource "tor_obfs4_state" "example" {`
			`rsa_identity_private_key = tor_relay_identity_rsa.bridge.private_key_pem`
			`ed25519_identity_private_key = tor_relay_identity_ed25519.bridge.private_key_pem`
			`}`

			`output "certificate" {`
			`description = "obfs4 certificate for bridge line generation"`
			`value = tor_obfs4_state.example.certificate`
			`}`

			`output "iat_mode" {`
			`description = "obfs4 IAT mode setting"`
			`value = tor_obfs4_state.example.iat_mode`
			`}`

			`output "state_json" {`
			`description = "Complete obfs4 state in JSON format"`
			`value = tor_obfs4_state.example.state_json`
			`sensitive = true`
			`}`

			`# Example: Generate complete bridge line using all components`
			`data "tor_obfs4_bridge_line" "example" {`
			`ip_address = "203.0.113.1"`
			`port = 9001`
			`identity_fingerprint_sha1 = tor_relay_identity_rsa.bridge.public_key_fingerprint_sha1`
			`obfs4_state_certificate = tor_obfs4_state.example.certificate`
			`obfs4_state_iat_mode = tor_obfs4_state.example.iat_mode`
			`}`

			`output "bridge_line" {`
			`description = "Complete bridge line for clients"`
			`value = data.tor_obfs4_bridge_line.example.bridge_line`
			`}`
			```
First working version 2025-06-03 13:23:45 +02:00
			`<!-- schema generated by tfplugindocs -->`
			`## Schema`

			`### Required`

			- `ed25519_identity_private_key` (String, Sensitive) Ed25519 identity private key in PEM format (from tor_relay_identity_ed25519 resource)
			- `rsa_identity_private_key` (String, Sensitive) RSA identity private key in PEM format (from tor_relay_identity_rsa resource)

			`### Optional`

			- `iat_mode` (Number) Inter-Arrival Time mode (0=none, 1=enabled, 2=paranoid)

			`### Read-Only`

			- `bridge_line` (String) Complete bridge line ready for client use (placeholder IP and fingerprint)
			- `certificate` (String) Base64-encoded certificate for bridge lines
			- `drbg_seed` (String, Sensitive) 24-byte DRBG seed in hex format
			- `id` (String) Resource identifier
			- `node_id` (String) 20-byte node ID in hex format
			- `private_key` (String, Sensitive) 32-byte Curve25519 private key in hex format
			- `public_key` (String) 32-byte Curve25519 public key in hex format
			- `state_json` (String) Complete obfs4 state in JSON format