// the find
argoproj-labs/terraform-provider-argocd
Terraform provider for Argo CD
Terraform provider for managing ArgoCD resources — applications, projects, repositories, clusters, and account tokens. Fills a real gap: some ArgoCD objects (project role JWTs, account tokens) have lifecycles that Kubernetes CRDs can't manage cleanly, and the Kubernetes Terraform providers mangle array merges in ways that silently drop JWTs. For teams already running ArgoCD who want everything in Terraform state, this is the right tool.
1. The JWT/token lifecycle argument is legitimate — exporting a project role JWT to an external CI system via Terraform outputs is genuinely hard to do any other way. 2. Active maintenance with a clear version compatibility matrix against ArgoCD releases; the recent move from the community repo (oboukili) to argoproj-labs gives it official backing. 3. Test suite uses testcontainers to spin up real ArgoCD instances rather than mocking the API — that's the right call for a provider where schema drift against the real API is the main failure mode. 4. Clean separation between the legacy provider code (argocd/) and the rewritten framework-based provider (internal/provider/) — the migration is visible and in progress, not a half-abandoned refactor.
1. The provider scope is limited — no support for ArgoCD notifications, image updater configs, or the newer ApplicationSet generators beyond what's in the spec. You'll still need raw Kubernetes manifests or the k8s provider for those. 2. Mid-migration architecture: the argocd/ directory uses the old SDKv2 pattern while internal/provider/ uses the plugin framework. Resources are split across both, which means inconsistent behavior and two different patterns to debug when something goes wrong. 3. ApplicationSet support covers the basics but some generator types are missing or partially implemented — if you're heavy on matrix or pull-request generators, check the issues before committing. 4. Requires network access from wherever Terraform runs to the ArgoCD API server — in practice this means VPN or bastion setup for production clusters, which isn't documented beyond a single link to the ArgoCD getting-started guide.