---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "tor_obfs4_state Resource - tor"
subcategory: ""
description: |-
  Generates obfs4 state and certificate for Tor bridges using external relay identity keys
---

# tor_obfs4_state (Resource)

Generates obfs4 state and certificate for Tor bridges using external relay identity keys

## Example Usage

```terraform
terraform {
  required_providers {
    tor = {
      source = "guardianproject/tor"
    }
  }
}

provider "tor" {}

# Example: Generate obfs4 state using existing identity keys
resource "tor_relay_identity_rsa" "bridge" {}

resource "tor_relay_identity_ed25519" "bridge" {}

resource "tor_obfs4_state" "example" {
  rsa_identity_private_key     = tor_relay_identity_rsa.bridge.private_key_pem
  ed25519_identity_private_key = tor_relay_identity_ed25519.bridge.private_key_pem
}

output "certificate" {
  description = "obfs4 certificate for bridge line generation"
  value       = tor_obfs4_state.example.certificate
}

output "iat_mode" {
  description = "obfs4 IAT mode setting"
  value       = tor_obfs4_state.example.iat_mode
}

output "state_json" {
  description = "Complete obfs4 state in JSON format"
  value       = tor_obfs4_state.example.state_json
  sensitive   = true
}

# Example: Generate complete bridge line using all components
data "tor_obfs4_bridge_line" "example" {
  ip_address                = "203.0.113.1"
  port                      = 9001
  identity_fingerprint_sha1 = tor_relay_identity_rsa.bridge.public_key_fingerprint_sha1
  obfs4_state_certificate   = tor_obfs4_state.example.certificate
  obfs4_state_iat_mode      = tor_obfs4_state.example.iat_mode
}

output "bridge_line" {
  description = "Complete bridge line for clients"
  value       = data.tor_obfs4_bridge_line.example.bridge_line
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `ed25519_identity_private_key` (String, Sensitive) Ed25519 identity private key in PEM format (from tor_relay_identity_ed25519 resource)
- `rsa_identity_private_key` (String, Sensitive) RSA identity private key in PEM format (from tor_relay_identity_rsa resource)

### Optional

- `iat_mode` (Number) Inter-Arrival Time mode (0=none, 1=enabled, 2=paranoid)

### Read-Only

- `bridge_line` (String) Complete bridge line ready for client use (placeholder IP and fingerprint)
- `certificate` (String) Base64-encoded certificate for bridge lines
- `drbg_seed` (String, Sensitive) 24-byte DRBG seed in hex format
- `id` (String) Resource identifier
- `node_id` (String) 20-byte node ID in hex format
- `private_key` (String, Sensitive) 32-byte Curve25519 private key in hex format
- `public_key` (String) 32-byte Curve25519 public key in hex format
- `state_json` (String) Complete obfs4 state in JSON format