Can I use Terraform Cloud as a CLI?

Yes. KosmoKrator exposes a Terraform Cloud CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Terraform Cloud through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Terraform Cloud tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Terraform Cloud credentials stored?

Terraform Cloud credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Terraform Cloud MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

productivity

Terraform Cloud MCP Integration for Claude Agent SDK

Connect Terraform Cloud to Claude Agent SDK through the local KosmoKrator MCP gateway with scoped tools, credentials, and write policy.

7 functions 7 read 0 write API token auth

Submit Terraform Cloud feedback View package source

Connect Terraform Cloud to Claude Agent SDK

Give Claude Agent SDK workflows access to KosmoKrator integrations through a local MCP server.

Add a KosmoKrator stdio MCP server to the Claude Agent SDK options. The gateway is local, scoped to this integration, and starts with --write=deny so Claude Agent SDK can inspect read-capable tools without receiving write access by default.

Terraform Cloud MCP Config for Claude Agent SDK

Use a narrow integration list so the agent does not load unrelated tools.

{
  "mcpServers": {
    "kosmokrator-terraform": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=terraform",
        "--write=deny"
      ]
    }
  }
}

Run the Gateway Manually

kosmokrator mcp:serve --integration=terraform --write=deny

Why Use KosmoKrator Here

Scoped tools

Expose only Terraform Cloud instead of a broad multi-service tool list.

Local credentials

Reuse credentials already configured for the KosmoKrator CLI and Lua runtime.

Write policy

Start read-only, then opt into ask or allow for trusted workspaces.

Terraform Cloud Tools Visible to Claude Agent SDK

Claude Agent SDK sees stable MCP tool names generated from the Terraform Cloud integration catalog.

MCP tool	Source function	Type	Description
`integration__terraform__terraform_list_workspaces`	`terraform.terraform_list_workspaces`	Read	List workspaces in a Terraform Cloud organization. Returns workspace IDs, names, Terraform versions, and locked status.
`integration__terraform__terraform_get_workspace`	`terraform.terraform_get_workspace`	Read	Get details of a specific Terraform Cloud workspace by its ID. Returns workspace configuration, status, and VCS settings.
`integration__terraform__terraform_list_runs`	`terraform.terraform_list_runs`	Read	List runs for a Terraform Cloud workspace. Returns run IDs, statuses, trigger reasons, and timestamps.
`integration__terraform__terraform_get_run`	`terraform.terraform_get_run`	Read	Get details of a specific Terraform Cloud run by its ID. Returns run status, plan/apply results, and configuration version info.
`integration__terraform__terraform_list_variables`	`terraform.terraform_list_variables`	Read	List variables for a Terraform Cloud workspace. Returns variable names, types (Terraform or environment), and sensitivity flags.
`integration__terraform__terraform_list_organizations`	`terraform.terraform_list_organizations`	Read	List Terraform Cloud organizations the authenticated user has access to. Returns organization names and IDs.
`integration__terraform__terraform_get_current_user`	`terraform.terraform_get_current_user`	Read	Get the currently authenticated Terraform Cloud user. Useful for verifying authentication and retrieving user details.

Related Terraform Cloud Pages

Terraform Cloud CLIUse direct JSON commands instead of MCP discovery. Terraform Cloud MCPFull gateway reference and MCP tool names. KosmoKrator for Claude Agent SDKClient-level gateway setup.