v1.4.7/website/docs/language/settings/backends/http.mdx - terraform - Git at Google

 ---
 page_title: 'Backend Type: http'
 description: Terraform can store state remotely at any valid HTTP endpoint.
 ---

 # http

 Stores the state using a simple [REST](https://en.wikipedia.org/wiki/Representational_state_transfer) client.

 State will be fetched via GET, updated via POST, and purged with DELETE. The method used for updating is configurable.

 This backend optionally supports [state locking](/language/state/locking). When locking
 support is enabled it will use LOCK and UNLOCK requests providing the lock info in the body. The
 endpoint should return a 423: Locked or 409: Conflict with the holding lock info when it's already
 taken, 200: OK for success. Any other status will be considered an error. The ID of the holding lock
 info will be added as a query parameter to state updates requests.

 ## Example Usage

 ```hcl
 terraform {
   backend "http" {
     address = "http://myrest.api.com/foo"
     lock_address = "http://myrest.api.com/foo"
     unlock_address = "http://myrest.api.com/foo"
   }
 }
 ```

 ## Data Source Configuration

 ```hcl
 data "terraform_remote_state" "foo" {
   backend = "http"
   config = {
     address = "http://my.rest.api.com"
   }
 }
 ```

 ## Configuration Variables

 !> **Warning:**  We recommend using environment variables to supply credentials and other sensitive data. If you use `-backend-config` or hardcode these values directly in your configuration, Terraform will include these values in both the `.terraform` subdirectory and in plan files. Refer to [Credentials and Sensitive Data](/language/settings/backends/configuration#credentials-and-sensitive-data) for details.

 The following configuration options / environment variables are supported:

 - `address` / `TF_HTTP_ADDRESS` - (Required) The address of the REST endpoint
 - `update_method` / `TF_HTTP_UPDATE_METHOD` - (Optional) HTTP method to use
   when updating state. Defaults to `POST`.
 - `lock_address` / `TF_HTTP_LOCK_ADDRESS` - (Optional) The address of the lock
   REST endpoint. Defaults to disabled.
 - `lock_method` / `TF_HTTP_LOCK_METHOD` - (Optional) The HTTP method to use
   when locking. Defaults to `LOCK`.
 - `unlock_address` / `TF_HTTP_UNLOCK_ADDRESS` - (Optional) The address of the
   unlock REST endpoint. Defaults to disabled.
 - `unlock_method` / `TF_HTTP_UNLOCK_METHOD` - (Optional) The HTTP method to use
   when unlocking. Defaults to `UNLOCK`.
 - `username` / `TF_HTTP_USERNAME` - (Optional) The username for HTTP basic
   authentication
 - `password` / `TF_HTTP_PASSWORD` - (Optional) The password for HTTP basic
   authentication
 - `skip_cert_verification` - (Optional) Whether to skip TLS verification.
   Defaults to `false`.
 - `retry_max` / `TF_HTTP_RETRY_MAX` – (Optional) The number of HTTP request
   retries. Defaults to `2`.
 - `retry_wait_min` / `TF_HTTP_RETRY_WAIT_MIN` – (Optional) The minimum time in
   seconds to wait between HTTP request attempts. Defaults to `1`.
 - `retry_wait_max` / `TF_HTTP_RETRY_WAIT_MAX` – (Optional) The maximum time in
   seconds to wait between HTTP request attempts. Defaults to `30`.

 For mTLS authentication, the following three options may be set:

  - `client_certificate_pem` / `TF_HTTP_CLIENT_CERTIFICATE_PEM` - (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
  - `client_private_key_pem` /`TF_HTTP_CLIENT_PRIVATE_KEY_PEM` - (Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
  - `client_ca_certificate_pem` / `TF_HTTP_CLIENT_CA_CERTIFICATE_PEM` - (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
	---
	page_title: 'Backend Type: http'
	description: Terraform can store state remotely at any valid HTTP endpoint.
	---

	# http

	Stores the state using a simple [REST](https://en.wikipedia.org/wiki/Representational_state_transfer) client.

	State will be fetched via GET, updated via POST, and purged with DELETE. The method used for updating is configurable.

	This backend optionally supports [state locking](/language/state/locking). When locking
	support is enabled it will use LOCK and UNLOCK requests providing the lock info in the body. The
	endpoint should return a 423: Locked or 409: Conflict with the holding lock info when it's already
	taken, 200: OK for success. Any other status will be considered an error. The ID of the holding lock
	info will be added as a query parameter to state updates requests.

	## Example Usage

	```hcl
	terraform {
	backend "http" {
	address = "http://myrest.api.com/foo"
	lock_address = "http://myrest.api.com/foo"
	unlock_address = "http://myrest.api.com/foo"
	}
	}
	```

	## Data Source Configuration

	```hcl
	data "terraform_remote_state" "foo" {
	backend = "http"
	config = {
	address = "http://my.rest.api.com"
	}
	}
	```

	## Configuration Variables

	!> Warning: We recommend using environment variables to supply credentials and other sensitive data. If you use `-backend-config` or hardcode these values directly in your configuration, Terraform will include these values in both the `.terraform` subdirectory and in plan files. Refer to [Credentials and Sensitive Data](/language/settings/backends/configuration#credentials-and-sensitive-data) for details.

	The following configuration options / environment variables are supported:

	- `address` / `TF_HTTP_ADDRESS` - (Required) The address of the REST endpoint
	- `update_method` / `TF_HTTP_UPDATE_METHOD` - (Optional) HTTP method to use
	when updating state. Defaults to `POST`.
	- `lock_address` / `TF_HTTP_LOCK_ADDRESS` - (Optional) The address of the lock
	REST endpoint. Defaults to disabled.
	- `lock_method` / `TF_HTTP_LOCK_METHOD` - (Optional) The HTTP method to use
	when locking. Defaults to `LOCK`.
	- `unlock_address` / `TF_HTTP_UNLOCK_ADDRESS` - (Optional) The address of the
	unlock REST endpoint. Defaults to disabled.
	- `unlock_method` / `TF_HTTP_UNLOCK_METHOD` - (Optional) The HTTP method to use
	when unlocking. Defaults to `UNLOCK`.
	- `username` / `TF_HTTP_USERNAME` - (Optional) The username for HTTP basic
	authentication
	- `password` / `TF_HTTP_PASSWORD` - (Optional) The password for HTTP basic
	authentication
	- `skip_cert_verification` - (Optional) Whether to skip TLS verification.
	Defaults to `false`.
	- `retry_max` / `TF_HTTP_RETRY_MAX` – (Optional) The number of HTTP request
	retries. Defaults to `2`.
	- `retry_wait_min` / `TF_HTTP_RETRY_WAIT_MIN` – (Optional) The minimum time in
	seconds to wait between HTTP request attempts. Defaults to `1`.
	- `retry_wait_max` / `TF_HTTP_RETRY_WAIT_MAX` – (Optional) The maximum time in
	seconds to wait between HTTP request attempts. Defaults to `30`.

	For mTLS authentication, the following three options may be set:

	- `client_certificate_pem` / `TF_HTTP_CLIENT_CERTIFICATE_PEM` - (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
	- `client_private_key_pem` /`TF_HTTP_CLIENT_PRIVATE_KEY_PEM` - (Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
	- `client_ca_certificate_pem` / `TF_HTTP_CLIENT_CA_CERTIFICATE_PEM` - (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.