Skip to content
longbridge docs

Provision Longbridge as code

Declare clusters, Networks, and tokens with the Longbridge Terraform and OpenTofu provider — one provider across the whole platform, authenticated by a Console API token.

The Longbridge provider lets you declare and reconcile your Longbridge resources — a Control Plane cluster, a Mesh Network, the tokens that go with them — from version-controlled configuration, on either Terraform or OpenTofu. One provider spans the whole platform; resource types are product-prefixed, so longbridge_control_plane_cluster and longbridge_mesh_network sit side by side in the same configuration.

Beta. The provider is published and usable, but resource coverage is still growing and some attributes may change before 1.0. Pin a version.

Install

Add the provider to your configuration and run terraform init (or tofu init).

terraform {
  required_providers {
    longbridge = {
      source  = "longbridgehq/longbridge"
      version = "~> 0.1"
    }
  }
}

provider "longbridge" {
  # Reads LONGBRIDGE_API_TOKEN from the environment by default.
}

Authenticate

The provider talks to the Console API and authenticates with a Console API token — the same tokens you manage under Account & billing. Create one scoped to the Org you want to manage, and export it:

export LONGBRIDGE_API_TOKEN="lb_tok_…"

Never commit the token. In CI, supply it as a secret environment variable.

A first resource

resource "longbridge_control_plane_cluster" "app" {
  name = "app-prod"
  tier = "small"
}

# The kubeconfig is an ephemeral resource — re-fetched each run, never persisted
# to state. Feed it straight into the kubernetes/helm providers.

Run terraform plan to preview, then terraform apply to create the cluster.

Where the full reference lives

Every resource, data source, and argument is documented on the registries — generated straight from the provider schema, versioned with each release:

These docs — here — cover the narrative: how to install, authenticate, model your infrastructure, and handle state and secrets safely. The registries are the canonical per-resource reference.

Handle state and secrets safely

  • Kubeconfigs and join tokens are ephemeral or write-only — they’re minted on demand and never linger in plan output.
  • Encrypt your state. Longbridge resources can carry sensitive values; use OpenTofu’s native state encryption or your backend’s encryption, and treat the state file as a secret regardless.

Next