2 – Track your history
In the Initialize Terraform tutorial, you created and applied basic Cloudflare configuration. Now you'll store this configuration in version control for tracking, peer review, and rollback capabilities.
Remove credentials from your Terraform files before committing to version control. The Cloudflare provider v5 reads authentication from environment variables automatically.
Update your main.tf
file to remove the hardcoded API token:
terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" version = "~> 5" } }}
provider "cloudflare" { # API token will be read from CLOUDFLARE_API_TOKEN environment variable}
variable "zone_id" { description = "Cloudflare Zone ID" type = string sensitive = true}
variable "account_id" { description = "Cloudflare Account ID" type = string sensitive = true}
variable "domain" { description = "Domain name" type = string default = "example.com"}
resource "cloudflare_dns_record" "www" { zone_id = var.zone_id name = "www" content = "203.0.113.10" type = "A" ttl = 1 proxied = true comment = "Domain verification record"}
Update your terraform.tfvars
file:
zone_id = "your-zone-id-here"account_id = "your-account-id-here"domain = "your-domain.com"
Ensure your API token is set as an environment variable:
export CLOUDFLARE_API_TOKEN="your-api-token-here"
Verify authentication works:
terraform plan
You may see changes detected as Terraform compares your new variable-based configuration with the existing resources. This is normal when migrating from hardcoded values to variables:
# cloudflare_dns_record.www will be updated in-place~ resource "cloudflare_dns_record" "www" { ~ name = "www.your-domain.com" -> "www" ~ zone_id = (sensitive value) # (other attributes may show changes)}
Plan: 0 to add, 1 to change, 0 to destroy.
Create a .gitignore
file with these contents:
.terraform/*.tfstate*.terraform.lock.hclterraform.tfvars
Initialize Git and commit your configuration:
git initgit add main.tf .gitignoregit commit -m "Initial Terraform v5 configuration"
Create a GitHub repository (via web interface or GitHub CLI) and push:
git branch -M maingit remote add origin https://github.com/YOUR_USERNAME/cf-config.gitgit push -u origin main
Your Terraform configuration is now version controlled and ready for team collaboration. The sensitive data (API tokens, zone IDs) remains secure and separate from your code.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-