From descope-skills
Manages Descope authentication projects using Terraform for IaC, including auth methods, RBAC roles/permissions, connectors, management keys, and settings. Useful for configuring auth infrastructure.
```shell
npx claudepluginhub descope/skills --plugin descope-skills
```

This skill uses the workspace's default tool permissions.
Manage Descope authentication projects as infrastructure-as-code using the official Terraform provider.
```hcl
terraform {
  required_providers {
    descope = {
      source = "descope/descope"
    }
  }
}

provider "descope" {
  management_key = var.descope_management_key
}

variable "descope_management_key" {
  type      = string
  sensitive = true
}
```
| Resource | Purpose |
|---|---|
| `descope_project` | Full project configuration (auth methods, roles, connectors, flows, settings) |
| `descope_management_key` | Management keys with RBAC scoping |
| `descope_descoper` | Console user accounts with role assignments |
See references/project-resource.md for the full descope_project schema.
See references/other-resources.md for descope_management_key and descope_descoper schemas.
```hcl
# Minimal project with a name and tags
resource "descope_project" "myproject" {
  name = "my-project"
  tags = ["staging"]
}
```

```hcl
# Authentication methods: magic link, password policy, SSO
resource "descope_project" "myproject" {
  name = "my-project"

  authentication = {
    magic_link = {
      expiration_time = "1 hour"
    }
    password = {
      lock          = true
      lock_attempts = 3
      min_length    = 8
    }
    sso = {
      merge_users  = true
      redirect_url = var.descope_redirect_url
    }
  }
}
```

```hcl
# RBAC: permissions and the roles that group them
resource "descope_project" "myproject" {
  name = "my-project"

  authorization = {
    permissions = [
      { name = "read:data", description = "Read access" },
      { name = "write:data", description = "Write access" },
    ]
    roles = [
      {
        name        = "viewer"
        permissions = ["read:data"]
      },
      {
        name        = "editor"
        permissions = ["read:data", "write:data"]
      },
    ]
  }
}
```

```hcl
# Connectors: an HTTP webhook and an S3 bucket for audit logs
resource "descope_project" "myproject" {
  name = "my-project"

  connectors = {
    http = [{
      name         = "My Webhook"
      base_url     = var.webhook_url
      bearer_token = var.webhook_secret # passed in as a variable, not a literal
    }]
    aws_s3 = [{
      name     = "Audit Logs"
      role_arn = "arn:aws:iam::YOUR_ACCOUNT:role/connector-role"
      region   = "us-east-1"
      bucket   = "audit-logs-bucket"
    }]
  }
}
```

```hcl
# Project settings: refresh token lifetime and inactivity timeout
resource "descope_project" "myproject" {
  name = "my-project"

  project_settings = {
    refresh_token_expiration = "3 weeks"
    enable_inactivity        = true
    inactivity_time          = "1 hour"
  }
}
```
Managed by Terraform:
NOT managed by Terraform (use Console/SDK/API instead):
- `management_key` in `.tf` files - use variables or environment variables (`DESCOPE_MANAGEMENT_KEY`)
- `.tfstate` files to version control - they contain sensitive data
- `terraform plan` before `terraform apply`
- `project_id` provider argument

```shell
terraform init     # Install provider
terraform plan     # Preview changes
terraform apply    # Apply changes
terraform destroy  # Remove managed resources
```
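The guidance above about keeping `management_key` out of `.tf` files and `.tfstate` files out of version control can be enforced with a repository check. This is an added example, not part of the Descope skill; the function names, sample file layout and sample key value are constructed for illustration.

```shell
#!/bin/sh
# Added example: scan a Terraform tree for a literal management_key
# and for state files. All sample data below is constructed.

# Print .tf files that assign management_key a quoted literal.
# var.descope_management_key and "${...}" interpolations are not flagged.
find_hardcoded_keys() {
    find "$1" -type f -name '*.tf' -exec \
        grep -lE '^[[:space:]]*management_key[[:space:]]*=[[:space:]]*"[^$]' {} + \
        2>/dev/null | sort
}

# Print Terraform state files and state backups under the directory.
find_state_files() {
    find "$1" -type f \( -name '*.tfstate' -o -name '*.tfstate.*' \) | sort
}

# Print one finding per line; empty output means the tree is clean.
check_tf_repo() {
    find_hardcoded_keys "$1" | sed 's/^/hardcoded-key: /'
    find_state_files "$1" | sed 's/^/state-file: /'
}

# Build a constructed sample tree: one clean module, one with both problems.
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/good" "$d/bad"
    printf 'provider "descope" {\n  management_key = var.descope_management_key\n}\n' \
        > "$d/good/main.tf"
    printf 'provider "descope" {\n  management_key = "K2-constructed-sample"\n}\n' \
        > "$d/bad/main.tf"
    printf '{}\n' > "$d/bad/terraform.tfstate"
    echo "$d"
}

repo=$(make_sample_repo)
check_tf_repo "$repo"   # reports bad/main.tf and bad/terraform.tfstate
rm -rf "$repo"
```

Run `check_tf_repo` from a pre-commit hook or CI step and fail the job when it prints anything.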
- `references/project-resource.md` - Full `descope_project` schema and all nested blocks
- `references/other-resources.md` - `descope_management_key` and `descope_descoper` schemas
- `references/connectors.md` - All supported connector types and configuration