OpenClaw Terraform Provider
Declarative configuration management for the OpenClaw AI gateway.
Unofficial community provider — This project is not affiliated with, endorsed by, or sponsored by the OpenClaw project or OpenAI. It is an independent, community-maintained Terraform provider.
The OpenClaw Terraform provider enables declarative, version-controlled management of your OpenClaw AI gateway configuration. Instead of editing openclaw.json by hand, define your gateway, channels, agents, and routing rules as Terraform resources.
Why Terraform for OpenClaw?
- Version control -- track every config change in git
- Review workflows -- PR-based approval for gateway changes
- Reproducibility -- spin up identical configurations across environments
- Composition -- combine OpenClaw config with cloud infrastructure in a single plan
- Drift detection --
terraform planshows exactly what changed outside Terraform
Architecture
The provider has two transport backends:
openclaw providerWebSocket mode connects to a running gateway and patches config via the config.patch RPC. Changes take effect immediately (depending on reload_mode).
File mode reads and writes the JSON config file directly. Useful for pre-provisioning a config before the gateway starts, or in CI/CD pipelines.
Provider Configuration
See Provider Configuration for all options including authentication and environment variables.
Getting Started
1. Install OpenClaw
npm install -g openclaw2. Start the gateway
openclaw gateway --port 187893. Write your Terraform config
terraform {
required_providers {
openclaw = {
source = "registry.terraform.io/kylemclaren/openclaw"
}
}
}
provider "openclaw" {
gateway_url = "ws://127.0.0.1:18789"
token = var.gateway_token
}
resource "openclaw_gateway" "main" {
port = 18789
bind = "loopback"
reload_mode = "hybrid"
}
resource "openclaw_agent_defaults" "main" {
model_primary = "anthropic/claude-sonnet-4-20250514"
workspace = "~/.openclaw/workspace"
timeout_seconds = 600
heartbeat_every = "30m"
}
resource "openclaw_channel_whatsapp" "main" {
dm_policy = "pairing"
allow_from = ["+15555550123"]
}4. Apply
terraform init
terraform plan
terraform apply5. Verify
cat ~/.openclaw/openclaw.jsonFile Mode (Offline Provisioning)
If no gateway_url is set, the provider operates on the config file directly:
provider "openclaw" {
config_path = "/etc/openclaw/openclaw.json"
}This is useful for:
- Building a config before deploying the gateway
- CI/CD pipelines that generate configs for deployment
- Environments where the gateway isn't running during provisioning
Resource Overview
Core
| Resource | Description | Doc |
|---|---|---|
openclaw_gateway | Server settings | Reference |
openclaw_agent_defaults | Default agent config | Reference |
openclaw_agent | Individual agent | Reference |
openclaw_binding | Agent routing rules | Reference |
openclaw_session | Session lifecycle | Reference |
openclaw_messages | Message handling | Reference |
Channels
| Resource | Description | Doc |
|---|---|---|
openclaw_channel_whatsapp | Reference | |
openclaw_channel_telegram | Telegram | Reference |
openclaw_channel_discord | Discord | Reference |
openclaw_channel_slack | Slack | Reference |
openclaw_channel_signal | Signal | Reference |
openclaw_channel_imessage | iMessage | Reference |
openclaw_channel_googlechat | Google Chat | Reference |
Extensions
| Resource | Description | Doc |
|---|---|---|
openclaw_plugin | Plugin entry | Reference |
openclaw_skill | Skill entry | Reference |
openclaw_hook | Webhooks | Reference |
openclaw_cron | Cron jobs | Reference |
openclaw_tools | Tool access control | Reference |
Data Sources
| Data Source | Description | Doc |
|---|---|---|
openclaw_gateway | Gateway settings (read-only) | Reference |
openclaw_agent_defaults | Agent default settings (read-only) | Reference |
openclaw_agents | All configured agents (read-only) | Reference |
openclaw_channels | All configured channels (read-only) | Reference |
openclaw_config | Full raw config + hash | Reference |
openclaw_health | Gateway health (WS only) | Reference |
Import
All resources support terraform import. Singleton resources use a fixed ID:
terraform import openclaw_gateway.main gateway
terraform import openclaw_session.main sessionArray-based resources use their identifier:
terraform import openclaw_agent.research research
terraform import openclaw_binding.discord_research "research/discord"
terraform import openclaw_plugin.web_search web_search
terraform import openclaw_skill.calculator calculatorExamples
- Basic: Gateway with Two Channels -- Single gateway with WhatsApp and Telegram
- Multi-Agent: Channel-Based Routing -- Multiple agents with channel-based routing
- Full-Stack: Every Resource Type -- Every resource type exercised