ops/terraform-provider-tor
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
terraform-provider-tor/docs/resources/obfs4_state.md
Abel Luck bd06c2e4b3 Update docs
2025-06-03 14:08:16 +02:00

2.7 KiB
Raw Permalink Blame History

page_title subcategory description
tor_obfs4_state Resource - tor Generates obfs4 state and certificate for Tor bridges using external relay identity keys

tor_obfs4_state (Resource)

Generates obfs4 state and certificate for Tor bridges using external relay identity keys

Example Usage

terraform {
  required_providers {
    tor = {
      source = "guardianproject/tor"
    }
  }
}

provider "tor" {}

# Example: Generate obfs4 state using existing identity keys
resource "tor_relay_identity_rsa" "bridge" {}

resource "tor_relay_identity_ed25519" "bridge" {}

resource "tor_obfs4_state" "example" {
  rsa_identity_private_key     = tor_relay_identity_rsa.bridge.private_key_pem
  ed25519_identity_private_key = tor_relay_identity_ed25519.bridge.private_key_pem
}

output "certificate" {
  description = "obfs4 certificate for bridge line generation"
  value       = tor_obfs4_state.example.certificate
}

output "iat_mode" {
  description = "obfs4 IAT mode setting"
  value       = tor_obfs4_state.example.iat_mode
}

output "state_json" {
  description = "Complete obfs4 state in JSON format"
  value       = tor_obfs4_state.example.state_json
  sensitive   = true
}

# Example: Generate complete bridge line using all components
data "tor_obfs4_bridge_line" "example" {
  ip_address                = "203.0.113.1"
  port                      = 9001
  identity_fingerprint_sha1 = tor_relay_identity_rsa.bridge.public_key_fingerprint_sha1
  obfs4_state_certificate   = tor_obfs4_state.example.certificate
  obfs4_state_iat_mode      = tor_obfs4_state.example.iat_mode
}

output "bridge_line" {
  description = "Complete bridge line for clients"
  value       = data.tor_obfs4_bridge_line.example.bridge_line
}

Schema

Required

  • ed25519_identity_private_key (String, Sensitive) Ed25519 identity private key in PEM format (from tor_relay_identity_ed25519 resource)
  • rsa_identity_private_key (String, Sensitive) RSA identity private key in PEM format (from tor_relay_identity_rsa resource)

Optional

  • iat_mode (Number) Inter-Arrival Time mode (0=none, 1=enabled, 2=paranoid)

Read-Only

  • bridge_line (String) Complete bridge line ready for client use (placeholder IP and fingerprint)
  • certificate (String) Base64-encoded certificate for bridge lines
  • drbg_seed (String, Sensitive) 24-byte DRBG seed in hex format
  • id (String) Resource identifier
  • node_id (String) 20-byte node ID in hex format
  • private_key (String, Sensitive) 32-byte Curve25519 private key in hex format
  • public_key (String) 32-byte Curve25519 public key in hex format
  • state_json (String) Complete obfs4 state in JSON format