pomerium · ssveta7ak · Mar 26, 2025 · Mar 26, 2025 · Mar 26, 2025 · Mar 27, 2025
@@ -87,6 +87,26 @@ accessLogFields:
   - headers.content-type
 ```
 
+</TabItem>
+
+<TabItem label="Enterprise via Terraform" value="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings#access_log_fields-1)** | **Type** | **Default** |
+| :-- | :-- | :-- |
+| `accessLogFields` | Set of strings | See [Access Fields and Defaults](#access-fields-and-defaults) |
+
+### Examples
+
+```hcl
+access_log_fields = ["authority", "duration", "path"]
+```
+
+**Custom headers example**
+
+```hcl
+access_log_fields = ["headers.user-agent", "headers.content-type"]
+```
+
 </TabItem>
 </Tabs>
 

@@ -55,5 +55,18 @@ ADDRESS=:8443
 
 `address` is included in the deployment manifest and not customizable.
 
+</TabItem>
+<TabItem label="Enterprise via Terraform" value="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings#address-1)** | **Type** | **Default** |
+| :-- | :-- | :-- |
+| `address` | String | `:443` |
+
+### Examples
+
+```hcl
+address = ":8433"
+```
+
 </TabItem>
 </Tabs>
@@ -75,5 +75,18 @@ authenticate:
   callbackPath: /custom/callback
 ```
 
+</TabItem>
+<TabItem label="Enterprise via Terraform" value="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Usage** | **Default** |
+| :-- | :-- | :-- | :-- |
+| `authenticate_callback_path` | `string` | **optional** | `/oauth2/callback` |
+
+### Examples
+
+```hcl
+authenticate_callback_path = "/custom/callback"
+```
+
 </TabItem>
 </Tabs>
@@ -91,6 +91,19 @@ authorizeLogFields:
   - ip
 ```
 
+</TabItem>
+<TabItem label="Enterprise via Terraform" value="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Default** |
+| :-- | :-- | :-- |
+| `authorize_log_fields` | Set of string | See [Authorize Fields and Defaults](#authorize-log-fields-and-defaults) |
+
+### Examples
+
+```hcl
+authorize_log_fields = ["request-id", "path", "ip"]
+```
+
 </TabItem>
 </Tabs>
 

@@ -13,6 +13,9 @@ pagination_prev: null
 pagination_next: null
 ---
 
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
 # Autocert Settings
 
 The Autocert settings configure Pomerium to manage public-facing TLS certificates automatically, by integrating with a certificate authority (CA) that supports the [ACME protocol](https://datatracker.ietf.org/doc/html/rfc8555), such as [Let's Encrypt](https://letsencrypt.org/).
@@ -54,6 +57,9 @@ If you use Let's Encrypt as your CA, you agree to the [Let's Encrypt Subscriber
 
 ### How to configure {#autocert-how-to-configure}
 
+<Tabs>
+<TabItem label="Core" value="Core">
+
 | **Config file keys** | **Environment variables** | **Type**  | **Usage**    |
 | :------------------- | :------------------------ | :-------- | :----------- |
 | `autocert`           | `AUTOCERT`                | `boolean` | **optional** |
@@ -68,6 +74,22 @@ autocert: true
 AUTOCERT=TRUE
 ```
 
+</TabItem>
+<TabItem label="Enterprise via Terraform" value="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Usage** |
+| :-- | :-- | :-- |
+| `autocert` | Boolean | **optional** |
+
+### Examples
+
+```hcl
+autocert = true
+```
+
+</TabItem>
+</Tabs>
+
 ## Autocert CA {#autocert-ca}
 
 **Autocert CA** is the directory URL of the ACME CA to use when requesting certificates.
@@ -100,6 +122,9 @@ AUTOCERT_CA=https://acme.zerossl.com/v2/DV90
 
 ### How to configure {#autocert-directory-how-to-configure}
 
+<Tabs>
+<TabItem label="Core" value="Core">
+
 | **Config file keys** | **Environment variables** | **Type** | **Usage** |
 | :-- | :-- | :-- | :-- |
 | `autocert_dir` | `AUTOCERT_DIR` | \*`string` | \*\* **optional** |
@@ -130,6 +155,43 @@ autocert_dir: gs://your-bucket/some/prefix
 
 Credentials are sourced from [Google Application Default Credentials](https://cloud.google.com/docs/authentication/application-default-credentials).
 
+</TabItem>
+
+<TabItem label="Enterprise via Terraform" value="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Usage** |
+| :-- | :-- | :-- |
+| `autocert_dir` | \*`String` | \*\* **optional** |
+
+\* `String` must point to the directory path or URL of an S3 or GCS bucket.
+
+\*\* If you don't specify an Autocert directory, Pomerium will generate a directory by default based on your runtime environment. See [Defaults](#autocert-directory-defaults) for more information.
+
+#### Examples {#autocert-directory-examples}
+
+##### S3 bucket
+
+An S3 bucket can be used as storage by using a URL like:
+
+```hcl
+autocert_dir = "s3://your-bucket.s3.us-east-1.amazonaws.com/some/prefix"
+```
+
+Credentials are sourced from [the environment](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/config#EnvConfig).
+
+##### GCS bucket
+
+A Google Cloud Storage bucket can be used as storage by using a URL like:
+
+```hcl
+autocert_dir = "gs://your-bucket/some/prefix"
+```
+
+Credentials are sourced from [Google Application Default Credentials](https://cloud.google.com/docs/authentication/application-default-credentials).
+
+</TabItem>
+</Tabs>
+
 ### Defaults {#autocert-directory-defaults}
 
 | **Default paths** | **Value** |

@@ -94,6 +94,21 @@ certificates: pomerium/wildcard-localhost
 See Kubernetes [TLS Certificates](/docs/deploy/k8s/ingress#tls-certificates) for more information.
 
 </TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+```hcl
+resource "pomerium_key_pair" "wildcard-localhost" {
+  namespace_id = pomerium_namespace.test_namespace.id
+  name         = "wildcard-localhost-key-pair"
+  certificate  = file("wildcard.localhost.pomerium.io.pem")
+  key          = file("wildcard.localhost.pomerium.io-key.pem")
+}
+```
+
+See Pomerium Terraform Provider [pomerium_key_pair](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/key_pair) for more information.
+
+</TabItem>
+
 </Tabs>
 
 :::note
@@ -150,5 +165,20 @@ Configure **Certificate Authority** in the Enterprise Console:
 
 Kubernetes does not support `certificate_authority`
 
+</TabItem>
+<TabItem label="Enterprise via Terraform" value="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Usage** |
+| :-- | :-- | :-- |
+| `certificate_authority` | String | **optional** |
+| `certificate_authority_file` | String | **optional** |
+
+### Examples
+
+```hcl
+certificate_authority = "base64-encoded-string"
+certificate_authority_file = "/relative/file/location"
+```
+
 </TabItem>
 </Tabs>
@@ -64,6 +64,19 @@ cookie:
   name: cookie_name
 ```
 
+</TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+| **[Parameter name](/docs/deploy/k8s/reference#cookie)** | **Type** | **Default** |
+| :-- | :-- | :-- |
+| `cookie_name` | `string` | `_pomerium` |
+
+#### Examples {#cookie-name-examples}
+
+```hcl
+cookie_name = "cookie_name"
+```
+
 </TabItem>
 </Tabs>
 
@@ -108,6 +121,19 @@ COOKIE_SECRET=tdkuWzUelRukP/6VYzopfh6kis7y5u5Ldl3MrIq9ZR0=
 
 See Kubernetes [bootstrap secrets](/docs/deploy/k8s/configure#bootstrap-secrets) for more information.
 
+</TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Usage** |
+| :-- | :-- | :-- |
+| `cookie_secret` | `String` | **optional** |
+
+#### Examples {#cookie-name-examples}
+
+```hcl
+cookie_secret = "tdkuWzUelRukP/6VYzopfh6kis7y5u5Ldl3MrIq9ZR0="
+```
+
 </TabItem>
 </Tabs>
 
@@ -155,6 +181,19 @@ cookie:
   domain: localhost.pomerium.io
 ```
 
+</TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+| **[Parameter name](/docs/deploy/k8s/reference#cookie)** | **Type** | **Usage** | **Default** |
+| :-- | :-- | :-- | :-- |
+| `cookie_domain` | `String` | **optional** | The host that set the cookie |
+
+#### Examples {#cookie-domain-examples}
+
+```hcl
+cookie_domain = "localhost.pomerium.io"
+```
+
 </TabItem>
 </Tabs>
 
@@ -206,6 +245,19 @@ cookie:
   httpOnly: false
 ```
 
+</TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Default** |
+| :-- | :-- | :-- |
+| `cookie_http_only ` | `boolean` | `true` |
+
+#### Examples {#cookie-http-only-examples}
+
+```hcl
+cookie_http_only = false
+```
+
 </TabItem>
 </Tabs>
 
@@ -251,6 +303,19 @@ cookie:
   expire: 13h15m0.5s
 ```
 
+</TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Default** |
+| :-- | :-- | :-- |
+| `cookie_expire ` | `string` ([Go Duration](https://golang.org/pkg/time/#Duration.String) formatting) | `14h` |
+
+#### Examples {#cookie-expiration-examples}
+
+```hcl
+cookie_expire = "13h15m0.5s"
+```
+
 </TabItem>
 </Tabs>
 
@@ -300,6 +365,19 @@ cookie:
   sameSite: None
 ```
 
+</TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Usage** | **Default** | **Options** |
+| :-- | :-- | :-- | :-- | :-- |
+| `cookie_same_site` | `String` | **optional** | ` Lax` (if unset) | See [Cookie SameSite Options](#cookie-samesite-options) |
+
+#### Examples {#cookie-samesite-examples}
+
+```hcl
+cookie_same_site = "Lax"
+```
+
 </TabItem>
 </Tabs>
 

@@ -51,6 +51,19 @@ Set **DNS Lookup Family** in the Console:
 
 Kubernetes does not support `dns_lookup_family`
 
+</TabItem>
+<TabItem value="Enterprise via Terraform" label="Enterprise via Terraform">
+
+| **[Parameter name](https://registry.terraform.io/providers/pomerium/pomerium/latest/docs/resources/settings)** | **Type** | **Default** |
+| :-- | :-- | :-- |
+| `dns_lookup_family` | String | `V4_PREFERRED` |
+
+### Examples
+
+```hcl
+default_lookup_family = "AUTO"
+```
+
 </TabItem>
 </Tabs>