Backblaze Terraform Quickstart Guide Backblaze Terraform Quickstart Guide

Backblaze Terraform Quickstart Guide

Jared Scott Jared Scott


Terraform is an open-source infrastructure as code (IaC) tool developed by HashiCorp. Instead of using imperative commands (step-by-step instructions), Terraform uses declarative code (“here’s what I want”). 


The Backblaze B2 Terraform provider allows you to do things like create and manage application keys, buckets, and upload files.



In order to use the Backblaze B2 Terraform provider you will need to first download a Terraform binary. You can find the appropriate binary for your platform on the Terraform download page.


You will also need a B2 account and credentials. You can follow the quick start if you’re new to B2 to walk you through the process.


Finally, you will need to set your Application Key and Application Key ID environmental variables for terraform to read at runtime.

$ export B2_APPLICATION_KEY_ID=0000000000000000000000000
$ export B2_APPLICATION_KEY=0000000000000000000000000000000

Creating an Application Key

If you’d like to use Terraform to create an access key, you can follow the example below. Save this code into a file called

terraform {
  required_version = ">= 0.13"
  required_providers {
    b2 = {
      source  = "Backblaze/b2"
      version = "~> 0.2"

provider "b2" {

resource "b2_application_key" "example" {
  key_name     = "test-b2-tfp-0000000000000000000"
  capabilities = ["readFiles"]

data "b2_application_key" "example" {
  key_name = b2_application_key.example.key_name

output "application_key" {
  value = data.b2_application_key.example

Once you’ve saved that file you need to first initialize the Terraform environment by running 

$ terraform init

You should see the following output:

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Reusing previous version of backblaze/b2 from the dependency lock file
- Using previously-installed backblaze/b2 v0.2.1

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.


The next step is to create and run your Terraform plan, you can do that by running:

terraform plan -out=application_key.out


You will see the following output:

$ terraform plan -out=application_key.out

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
<= read (data resources)

Terraform will perform the following actions:

  # data.b2_application_key.example will be read during apply
  # (config refers to values not yet known)
<= data "b2_application_key" "example"  {
      + application_key_id = (known after apply)
      + bucket_id          = (known after apply)
      + capabilities       = (known after apply)
      + id                 = (known after apply)
      + key_name           = "test-b2-tfp-0000000000000000000"
      + name_prefix        = (known after apply)
      + options            = (known after apply)

  # b2_application_key.example will be created
  + resource "b2_application_key" "example" {
      + application_key    = (sensitive value)
      + application_key_id = (known after apply)
      + capabilities       = [
          + "readFiles",
      + id                 = (known after apply)
      + key_name           = "test-b2-tfp-0000000000000000000"
      + options            = (known after apply)

Plan: 1 to add, 0 to change, 0 to destroy.


This plan was saved to: application_key.out

To perform exactly these actions, run the following command to apply:
    terraform apply "application_key.out"

You can see that terraform is letting you know that it wants to add 1 key, change 0, and destroy 0. If you are satisfied with the plan, you can now apply it by running this command:

$ terraform apply application_key.out


You should see the following output:

$ terraform apply application_key.out
b2_application_key.example: Creating...
b2_application_key.example: Creation complete after 4s [id=0000000000000000000000000]
data.b2_application_key.example: Reading...
data.b2_application_key.example: Read complete after 4s [id=0000000000000000000000000]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate

Congratulations, you just created a read only Application key with the Terraform B2 provider.


Cleaning up

If you'd like to cleanup the application key you just created, you can run the following command and then type yes when prompted.

$ terraform destroy


You should see the following output:

$ terraform destroy

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy

Terraform will perform the following actions:

# b2_application_key.example will be destroyed
- resource "b2_application_key" "example" {
- application_key = (sensitive value)
- application_key_id = "0000000000000000000000000" -> null
- capabilities = [
- "readFiles",
] -> null
- id = "0000000000000000000000000" -> null
- key_name = "test-b2-tfp-0000000000000000000" -> null
- options = [
- "s3",
] -> null

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: yes

b2_application_key.example: Destroying... [id=0000000000000000000000000]
b2_application_key.example: Destruction complete after 3s

Destroy complete! Resources: 1 destroyed.