📦 Creating a Private Registry for Terraform

1. Why a private registry?

In many companies, Terraform modules contain:
  • Sensitive configurations (internal networks, critical resources)
  • Internal standards (naming conventions, security, compliance)

Publishing these modules to the Public Terraform Registry is not an option.
The solution: set up a Private Terraform Registry.


2. Private registry architecture

Terraform can fetch modules from:
  • Git Repositories (GitHub, GitLab, Bitbucket…)
  • Artifact systems (Artifactory, Nexus…)
  • Terraform Enterprise / Terraform Cloud
  • Custom registry following Terraform’s protocol

Here, we’ll use GitLab as an example.

Simplified diagram:

[ Terraform Dev ] --> [ Private GitLab Registry ] --> [ Cloud Infrastructure ]

3. Example with GitLab

GitLab offers a built-in Terraform Module Registry.

3.1 Requirements

  • GitLab (self-hosted or GitLab.com)
  • One GitLab project per module
  • Access via Personal Access Token or Deploy Token

3.2 Create the module

Structure for my-network:

my-network/
├── main.tf
├── variables.tf
├── outputs.tf
└── README.md

Example main.tf:

resource "aws_vpc" "main" {
  cidr_block = var.cidr_block
  tags = {
    Name = var.name
  }
}

variables.tf:

variable "cidr_block" {
  type = string
}

variable "name" {
  type = string
}

3.3 Publish to GitLab

  1. Create a new GitLab repo named terraform-my-network.
  2. Push your code:

git init
git remote add origin git@gitlab.com:my-group/terraform-my-network.git
git add .
git commit -m "Network module"
git push -u origin main

  3. Tag a release:

git tag v1.0.0
git push origin v1.0.0

GitLab will automatically detect it as a Terraform Module.


3.4 Use the module in Terraform

In another Terraform project:

module "vpc" {
  # Git sources do not accept a version argument; pin the release tag with ?ref=
  source = "git::https://gitlab.com/my-group/terraform-my-network.git?ref=v1.0.0"

  cidr_block = "10.0.0.0/16"
  name       = "vpc-prod"
}

4. Business use case

Scenario: A company manages multiple environments (dev, staging, prod).
Instead of duplicating code, it creates a private registry where each network, security, and database module is versioned and reused.

Benefits:

  • 🔒 Security: code is not exposed publicly
  • 🛠 Standardization: same modules for all projects
  • 📜 Versioning: ability to roll back to specific versions
  • ⏱ Time-saving: less code duplication

5. Best practices
  • Tag all releases (v1.0.0, v1.1.0, etc.)
  • Document each module (clear README + examples)
  • Automate testing with terraform validate and terraform plan in CI/CD
  • Restrict access to sensitive modules
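
A CI check that supports the practices above, as an added example rather than code from the original article: it scans Terraform text for git-sourced modules that are not pinned with ?ref= to a release tag or commit, that carry a version argument, or that embed an access token in the source URL. The function name, the sample module names and the EXAMPLE-TOKEN value are constructed for illustration.

```python
import re

# Regex scan, not a full HCL parser: assumes each module block closes with "}" in column 0.
MODULE_RE = re.compile(r'^module\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.M)
VERSION_RE = re.compile(r'^\s*version\s*=', re.M)
# Treated as pinned: a semver tag (v1.0.0) or a full 40-hex commit SHA in ?ref=
PINNED_RE = re.compile(r'[?&]ref=(v\d+\.\d+\.\d+|[0-9a-f]{40})(&|$)')
# user:secret@host embedded in the URL
CRED_RE = re.compile(r'://[^/@\s]+:[^/@\s]+@')

def audit_modules(tf_text):
    """Return sorted (module_name, problem) pairs for git-sourced modules."""
    findings = []
    for name, body in MODULE_RE.findall(tf_text):
        match = SOURCE_RE.search(body)
        if not match or not match.group(1).startswith("git::"):
            continue  # only git sources are checked here
        source = match.group(1)
        if not PINNED_RE.search(source):
            findings.append((name, "source not pinned to a tag or commit"))
        if VERSION_RE.search(body):
            findings.append((name, "version argument is invalid for git sources"))
        if CRED_RE.search(source):
            findings.append((name, "credentials embedded in source URL"))
    return sorted(findings)

# Constructed sample input, reusing the article's module URL.
REPO = "gitlab.com/my-group/terraform-my-network.git"
SAMPLE_TF = f'''
module "vpc" {{
  source = "git::https://{REPO}?ref=v1.0.0"
}}
module "vpc_floating" {{
  source = "git::https://{REPO}"
}}
module "vpc_branch" {{
  source  = "git::https://{REPO}?ref=main"
  version = "v1.0.0"
}}
module "vpc_token" {{
  source = "git::https://ci-user:EXAMPLE-TOKEN@{REPO}?ref=v1.0.0"
}}
'''

if __name__ == "__main__":
    for name, problem in audit_modules(SAMPLE_TF):
        print(f"{name}: {problem}")
```

In a pipeline, run it over every .tf file and fail the job when the returned list is non-empty.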