hashicorp/agent-skills
16 skills29.6k installs10.5k starsGitHub
Install
npx skills add https://github.com/hashicorp/agent-skillsSkills in this repo
1Terraform Style Guideterraform-style-guide (security variant in SKILL.md) teaches coding agents to emit Terraform HCL aligned with HashiCorp security practices. Indie builders shipping on AWS or similar clouds invoke it when generating modules or resources so defaults include encryption, restricted public exposure, tight IAM/security-group scope, and observable operations. The skill stresses marking sensitive outputs, preferring ephemeral resources where Terraform supports them, and illustrating patterns with a hardened S3 bucket configuration. It complements generic style formatting by elevating security defaults every time new infrastructure code is proposed—useful during initial module authoring and again before merge or release when infra diffs need a security pass.5.5kinstalls2Terraform TestTerraform Test is a HashiCorp-oriented agent skill that helps solo builders wire native terraform test into CI instead of relying on manual plan reviews alone. It documents GitHub Actions and GitLab CI patterns: recursive fmt -check, init, validate, filtered unit tests that can run in plan mode without credentials, and integration tests that run on main behind secrets such as AWS_ACCESS_KEY_ID. Use it when your agent maintains modules or root stacks and you want PR-level safety plus occasional cloud-backed assertions. The skill emphasizes job ordering (unit before integration), verbose test output, and environment injection for real infrastructure checks. It fits indie teams shipping Terraform-managed SaaS or APIs who need repeatable gates without building a custom test harness. Pair it with module authoring skills for the HCL itself; this skill focuses on pipeline integration and test execution policy.3.5kinstalls3Refactor ModuleRefactor Module is a HashiCorp agent skill that walks solo builders and small teams through breaking an oversized Terraform root into maintainable modules without breaking production state. The agent analyzes your source directory, proposes module boundaries aligned with registry-style interfaces, and documents variables, outputs, versioning, and tests—the same pillars HashiCorp emphasizes for reusable infrastructure. You supply required inputs such as source_directory, module_name, and whether to preserve_state; optional abstraction_level tunes how aggressively logic is hidden behind the module API. It fits the Build phase when integrations with AWS, Azure, or other providers have outgrown copy-paste, and it extends into Ship and Operate when you need predictable upgrades and safer rollouts. Intermediate complexity: you should understand resource dependencies and be able to read a state file well enough to approve a migration plan—the skill guides structure but does not replace human judgment on blast radius. Ideal when preparing a private module for repeated environments (staging vs prod) or before publishing to a team registry.2.6kinstalls4Terraform StacksTerraform Stacks (API monitoring reference) teaches solo builders and small teams how to observe HashiCorp Cloud Platform Terraform Stack deployments without interactive CLI watchers. It is for anyone running infrastructure changes in pipelines, custom tools, or coding agents where streaming commands would hang indefinitely. The skill contrasts API-first monitoring with commands such as deployment-run watch and explains when programmatic access is mandatory. You learn token extraction, request headers, and a structured workflow across the monitoring endpoints so you can implement polling, custom retry logic, and multi-Stack dashboards. For indie SaaS and API operators on HCP Terraform, this keeps ship and operate phases observable in headless environments while staying aligned with Terraform Stacks operations rather than greenfield module design.2.5kinstalls5Terraform Search ImportTerraform-search-import teaches agents to bring drift-prone or manually created cloud assets under Terraform using declarative Search queries and bulk import blocks. Solo builders and small teams use it when a production account already has S3 buckets, instances, or other objects that never entered state, or when they need an inventory pass before refactoring modules. The skill insists on checking provider support via list_resources.sh before writing queries, then follows HashiCorp’s list and bulk-import references to generate import-ready configuration rather than hand-typing resource addresses. That ordering prevents wasted cycles on unsupported resource types and makes audit and migration projects repeatable across regions and accounts. On Prism it sits in Operate infrastructure work but equally supports Validate scope decisions (“what do we actually run?”) and Build integration spikes when wiring new environments to existing footprints.1.8kinstalls6Provider ResourcesProvider-resources is a HashiCorp agent skill for developers who maintain Terraform providers—not consumers wiring modules in HCL. When you are building the bridge between a cloud or SaaS API and Terraform’s ecosystem, the skill walks through Plugin Framework resource and data source implementation: schema typing, CRUD callbacks, finder helpers, test files, and the markdown docs Terraform Registry expects. Solo maintainers of niche providers or indie teams forking an existing provider use it to keep file layout consistent (internal/service/<service>/, exports_test.go, service_package_gen.go) and to avoid common state and import gaps. Intermediate-to-advanced Go and Terraform plugin knowledge is assumed. It does not replace reading upstream framework churn; it compresses implementation checklists so your coding agent does not hallucinate legacy SDKv2 patterns. Install during active provider feature work in the build phase rather than at ship-time module tuning.1.7kinstalls7New Terraform ProviderNew Terraform Provider is a HashiCorp agent skill that walks you through scaffolding a brand-new Terraform provider using the Terraform Plugin Framework in Go. Solo builders and small platform teams use it when they need to expose a proprietary or niche API as terraform resources and want a correct main.go, module layout, and verification commands instead of copying stale templates. The workflow starts by confirming you truly want a new root directory prefixed with terraform-provider-, then initializes the module, pulls the framework, writes main.go from the documented example, strips TODOs, and proves the tree compiles and tests clean. Invoke it at the start of a provider greenfield—not when you only need a single resource type added to an mature repo. It encodes IBM/HashiCorp copyright and MPL-2.0 licensing expectations suitable for open provider development. After scaffolding, you typically iterate on internal/provider packages, CRUD schemas, and acceptance tests; this skill delivers the empty but buildable shell agents often skip when rushing integrations.1.6kinstalls8Provider ActionsProvider-actions is an agent skill for HashiCorp-style Terraform provider maintainers who need to add experimental Actions—imperative steps tied to resource lifecycle events rather than pure declarative CRUD. Solo and indie builders shipping custom providers or enterprise forks use it to scaffold action packages under internal/service, wire Framework schemas, and pair implementation with tests and public action documentation. The guide references the official Plugin Framework and the Terraform plugin-protocol actions RFC so agents do not invent incompatible APIs. It suits builders who already work in Go on providers and want consistent file naming, changelog discipline, and documentation paths instead of one-off snippets. It is not a substitute for learning Terraform resource design; it focuses narrowly on action surfaces that run at defined lifecycle moments.1.6kinstalls9Run Acceptance TestsRun Acceptance Tests is a HashiCorp agent skill for maintainers and solo builders working on Terraform providers who need a repeatable way to execute `TestAcc`-prefixed Go tests against real cloud APIs. It specifies the minimum invocation—`go test` with `TF_ACC=1`—and a cumulative diagnostic ladder when tests fail, from disabling cache with `-count=1` through verbose logging and persisting Terraform working directories for inspection. It also covers credential gaps common in provider acceptance suites and cautions that green tests can still be weak, offering a path to stress a passing test. The skill fits indie OSS provider authors and small teams who ship infrastructure integrations and want their coding agent to follow HashiCorp’s accepted conventions instead of guessing test commands.1.5kinstalls10Azure Verified ModulesAzure Verified Modules is an agent skill for solo builders and small platform teams shipping Terraform on Azure who need modules to pass Microsoft’s AVM bar—not just “works on my subscription.” It encodes mandatory requirements from the official AVM Terraform spec: cross-referencing other verified modules, provider versioning, naming and structure for variables and outputs, locals discipline, root module configuration, test expectations, and documentation patterns. Use it when creating a new Azure module you intend to certify, refactoring an internal module toward AVM shape, or reviewing a PR where reviewers will ask for spec compliance. The skill is reference-heavy and checklist-driven, which suits agent-assisted iteration: your agent can diff your `variables.tf`, `outputs.tf`, and tests against stated MUST-level rules instead of guessing from blog posts. It pairs naturally with Terraform workflow skills and Azure deploy skills: certify the module in build, then reuse it across ship and operate without rediscovering requirements each sprint.1.3kinstalls11Aws Ami BuilderAWS AMI Builder is a HashiCorp-packaged agent skill that teaches Packer’s amazon-ebs workflow for solo builders and small teams who need reproducible EC2 images instead of manual snapshot drift. It centers on a complete minimal template: plugin pinning, regional variables, Canonical Ubuntu Jammy filters, SSH user selection, and tagged AMI names derived from timestamps. The skill reminds you that AMI builds bill for temporary instances, EBS, and transfer, with runs often lasting ten to thirty minutes depending on provisioning depth. You extend the build block with shell or other provisioners to bake packages, agents, and hardening steps before registration. Use it when launching a new service on EC2, refreshing base images after CVE patches, or standardizing dev/stage/prod parity. The outcome is version-controlled Packer configuration your CI or laptop can execute to publish named AMIs ready for launch templates or Auto Scaling groups.1.1kinstalls12Push To Registrypush-to-registry is a HashiCorp agent skill for solo builders and platform-minded indies who already use Packer and want HCP Packer as the system of record for image lineage. It shows how to embed an hcp_packer_registry stanza in a build block so each run records bucket metadata, descriptions, and team or OS labels without pushing the actual disk artifacts to the registry—keeping CI fast while still enabling lifecycle tracking. The included HCL walks through variables, locals for timestamps, an amazon-ebs source, and labeled builds suitable for web-server baselines. Use it when integrating golden-image pipelines with HashiCorp Cloud Platform governance rather than ad-hoc AMI names in AWS alone. Intermediate complexity: you need working Packer sources and an HCP Packer project. Pair with broader Packer authoring skills in the same repo when templates do not exist yet.1kinstalls13Provider Test PatternsProvider-test-patterns is an agent skill that encodes HashiCorp’s recommended acceptance-test layout for Terraform providers built with the Plugin Framework and validated through terraform-plugin-testing. Solo builders and small teams maintaining custom providers use it when they need TestCase and TestStep files that correctly apply statecheck and plancheck, config helpers, import-state verification, sweepers, and ephemeral resource scenarios instead of legacy TestCheckFunc habits. The skill covers basic through regression flows, disappears and validation cases, ExpectError and CheckDestroy expectations, and points to bundled references for comparers, tfjsonpath, and sweeper dependencies. It is aimed at authors and reviewers who already have a provider codebase and want tests that match official testing-patterns guidance before merge or release, not at general application test suites or module-only Terraform projects.1kinstalls14Azure Image BuilderAzure Image Builder is an agent skill that walks solo builders through HashiCorp Packer templates using the `azure-arm` builder to create custom Azure managed images and Azure Compute Gallery entries. It is aimed at indie operators who need repeatable VM baselines—application dependencies, hardening steps, or agent-friendly images—without clicking through the portal for every release. The SKILL.md frontmatter triggers use when creating custom images for Azure VMs; templates emphasize sensitive credential variables, resource group placement, publisher/offer/sku sources, and cost awareness because every build spins up temporary compute. Expect intermediate comfort with Azure IAM, resource groups, and Packer workflow commands. The skill is procedural infrastructure knowledge, not a hosted build service; you still run `packer build` in a trusted environment with secrets supplied securely.910installs15Windows Builderwindows-builder is a HashiCorp agent skill that teaches platform-agnostic Packer patterns for Windows images using WinRM and PowerShell provisioners. Solo builders and small teams use it when they must ship hardened Windows Server AMIs on AWS, images on Azure, or VMware templates—not when tweaking React UI. The skill emphasizes communicator setup (winrm_use_ssl, extended timeouts), bootstrap scripts that open firewall ports and enable Basic auth for Packer, and realistic expectations about build duration and cost. Advanced complexity: you need cloud accounts, IAM, and tolerance for long-running CI jobs. Invoke during Operate when standardizing how VMs are baked before autoscaling groups or Kubernetes node pools consume them. Agents should follow the embedded HCL and setup-winrm.ps1 structure rather than improvising SSH-based Linux flows. Always verify resource cleanup after failures, as the skill notes orphaned instances may keep charging.906installs16Provider Docsprovider-docs encodes HashiCorp’s expectations for Terraform provider documentation that solo maintainers and small ISV teams ship to the public Registry. It points agents at the official registry providers docs URL as the authority, insists on publishing through Terraform Registry using tfplugindocs, and maps concrete template filenames under docs/ for index pages, data sources, resources, ephemeral and list resources, functions, and guides. The generation workflow wires through go generate with --provider-name or an equivalent direct tfplugindocs invocation from the repository root. The skill is for authors extending or refreshing a provider’s doc set so schema-driven descriptions flow into Registry-rendered pages without ad-hoc markdown drift.885installs