Remote backend

Use Cora as a Remote Backend

Cora implements the standard Terraform remote backend protocol. You can authenticate with an organization-scoped token, configure a standard backend "remote" block, and push state updates straight from terraform apply or terraform state push.

Prerequisites

A Cora account enrolled in our design partner or beta program.
An active API token created from /tokens. Tokens inherit your current organization and are required for CLI auth.
Terraform CLI version v1.1.0 or later.

Step 1 — Login with Terraform CLI

Start with terraform login thecora.app. Terraform stores the token in ~/.terraform.d/credentials.tfrc.json and reuses it for backend requests to thecora.app.

$ terraform login thecora.app
Terraform will request an API token for thecora.app using your browser.

If login is successful, Terraform will store the token in plain text in
the following file for use by subsequent commands:
    /Users/gabe/.terraform.d/credentials.tfrc.json

Do you want to proceed?
  Only 'yes' will be accepted to confirm.

Need to rotate the token? Re-run terraform login with the same hostname—Terraform will overwrite the credential entry.

Step 2 — Configure the remote backend block

Add a remote backend configuration that mirrors Terraform Cloud. Replace organization with your Cora organization slug (visible in the account menu) and workspace with the Terraform workspace name you want to target.

terraform {
  backend "remote" {
    hostname     = "thecora.app"
    organization = "AcmeCorp"

    workspaces {
      name = "networking-prod"
    }
  }
}

hostname must be thecora.app.
organization must match the slug stored on your token; you can confirm this in /account.
Workspace names are free-form; Cora will create them on first upload if they do not exist.

Step 3 — Initialize the backend

Run terraform init. Terraform negotiates backend settings using standard remote backend endpoints.

$ terraform init
Initializing the backend...
Successfully configured the backend "remote"!

Step 4 — Upload your state

Once initialized, run terraform apply to upload your current state to Cora. This ensures your local state is synchronized with the remote backend and visible in the dashboard.

$ terraform apply
...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Cora enforces the organization slug on every state upload, lock, and download request. If you see an organization mismatch error, confirm the backend block and token were created for the same slug.

Verifying uploads in Cora

After a successful command, open /home and filter by the workspace you configured. New uploads appear within a few seconds. You can also inspect the raw state version metadata at /api/v2/workspaces/<workspaceId>/current-state-version when authenticated.

Frequently asked questions

Does this replace my S3 backend?

Yes. Cora acts as a fully compliant remote backend. You can migrate from S3 by changing your backend configuration to backend "remote" and running terraform init -migrate-state.

Is my state encrypted?

Yes. All state files are encrypted at rest and in transit. We use industry-standard encryption to ensure your infrastructure data remains secure.

Can I run plans in Cora?

Not yet. Cora currently focuses on state storage and visualization. You should continue running plans locally or in your CI/CD pipeline.

How do I handle locking?

Cora supports state locking out of the box. If a terraform apply is in progress, other operations will be blocked until the lock is released, preventing concurrent state modifications.

Do I need to reissue tokens when switching organizations?

Yes. Tokens are permanently scoped to the organization active in your session when you created them. Create a new token after switching organizations.