Caputchin
Automation

Use Terraform or OpenTofu

The official Caputchin provider lets you manage your account as infrastructure-as-code: declare troops, site keys, security policy, members, and tokens in .tf files and apply them like any other resource. It is the same management API as everything else under automation, expressed as Terraform resources.

It is published once and works with both Terraform and OpenTofu from the same source; the HCL is identical, only the CLI binary (terraform or tofu) and the registry differ. Everywhere below, use whichever you run.

Mint an access token

The provider reads its token from the CAPUTCHIN_MANAGEMENT_TOKEN environment variable (recommended, so it stays out of source). Either kind of token works (see API authentication): a personal access token for full-account infrastructure, or a troop access token scoped to the troops your configuration manages.

export CAPUTCHIN_MANAGEMENT_TOKEN=cpt_pat_...

There is a chicken-and-egg case: the provider can also mint tokens (the caputchin_account_token and caputchin_troop_pat resources), but it needs a token to authenticate in the first place. Mint the first one by hand in the dashboard, then let Terraform manage the rest.

Configure the provider

terraform {
  required_providers {
    caputchin = {
      source  = "caputchin/caputchin"
      version = "~> 0.1"
    }
  }
}

# Token from CAPUTCHIN_MANAGEMENT_TOKEN; endpoint defaults to https://caputchin.com/api.
provider "caputchin" {}

The same source = "caputchin/caputchin" resolves from the Terraform Registry and the OpenTofu Registry, so the block is the same under either tool.

A worked example: a troop with a gated site key

This creates a troop, a site key in it, and turns on the game gate for that key:

resource "caputchin_troop" "shop" {
  name = "shop-team"
}

resource "caputchin_site_key" "shop_frontend" {
  name     = "shop-frontend"
  troop_id = caputchin_troop.shop.id
}

resource "caputchin_site_security_settings" "shop_frontend" {
  site_id      = caputchin_site_key.shop_frontend.id
  require_game = true
}

# The public key is an attribute; the secret is sensitive, in state only.
output "shop_site_key" {
  value = caputchin_site_key.shop_frontend.key
}

Then, with either tool:

terraform init && terraform apply
# or
tofu init && tofu apply

The site key's secret is a sensitive computed attribute; read it from state (terraform output) to configure your backend verification. Every apply is attributed to your token in the audit log on Apex, so a change through Terraform is as traceable as a dashboard edit.

What you can manage

Resources cover the same surface as the dashboard: troops and their members and tokens, site keys, security settings, hosted verification, game and white-label customization, and account tokens. Data sources let you read existing troops, sites, account info, and statistics into a configuration.

The full reference

Every resource and data source, with all its arguments and attributes and import syntax, is on the provider's registry page. It is generated from the provider source, so it tracks the released version exactly:

  • Terraform Registry: registry.terraform.io/providers/caputchin/caputchin
  • OpenTofu Registry: search.opentofu.org/provider/caputchin/caputchin

For the underlying operations each resource performs, see the interactive API reference.

See also

MCP tools reference

Previous

Run your own game

Next

On this page

Mint an access tokenConfigure the providerA worked example: a troop with a gated site keyWhat you can manageThe full referenceSee also