Changelog
Terraform v5.4.0 now available
Earlier this year, we announced the launch of the new Terraform v5 Provider. Unlike the earlier Terraform providers, v5 is automatically generated based on the OpenAPI Schemas for our REST APIs. Since launch, we have seen an unexpectedly high number of issues ↗ reported by customers. These issues currently impact about 15% of resources. We have been working diligently to address these issues across the company, and have released the v5.4.0 release which includes a number of bug fixes. Please keep an eye on this changelog for more information about upcoming releases.
- Removes the worker_platforms_script_secretresource from the provider
- Removes duplicated fields in cloudflare_cloud_connector_rulesresource
- Fixes cloudflare_workers_routeid issues #5134 ↗ #5501 ↗
- Fixes issue around refreshing resources that have unsupported response types
Affected resources- cloudflare_certificate_pack
- cloudflare_registrar_domain
- cloudflare_stream_download
- cloudflare_stream_webhook
- cloudflare_user
- cloudflare_workers_kv
- cloudflare_workers_script
 
- Fixes cloudflare_workers_kvstate refresh issues
- Fixes issues around configurability of nested properties without computed values for the following resources
Affected resources- cloudflare_account
- cloudflare_account_dns_settings
- cloudflare_account_token
- cloudflare_api_token
- cloudflare_cloud_connector_rules
- cloudflare_custom_ssl
- cloudflare_d1_database
- cloudflare_dns_record
- email_security_trusted_domains
- cloudflare_hyperdrive_config
- cloudflare_keyless_certificate
- cloudflare_list_item
- cloudflare_load_balancer
- cloudflare_logpush_dataset_job
- cloudflare_magic_network_monitoring_configuration
- cloudflare_magic_transit_site
- cloudflare_magic_transit_site_lan
- cloudflare_magic_transit_site_wan
- cloudflare_magic_wan_static_route
- cloudflare_notification_policy
- cloudflare_pages_project
- cloudflare_queue
- cloudflare_queue_consumer
- cloudflare_r2_bucket_cors
- cloudflare_r2_bucket_event_notification
- cloudflare_r2_bucket_lifecycle
- cloudflare_r2_bucket_lock
- cloudflare_r2_bucket_sippy
- cloudflare_ruleset
- cloudflare_snippet_rules
- cloudflare_snippets
- cloudflare_spectrum_application
- cloudflare_workers_deployment
- cloudflare_zero_trust_access_application
- cloudflare_zero_trust_access_group
 
The detailed changelog ↗ is available on GitHub.
If you are evaluating a move from v4 to v5, please make use of the migration guide ↗. We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of terraform plan to test your changes before applying, and let us know if you encounter any additional issues either by reporting to our GitHub repository ↗, or by opening a support ticket ↗.
Updates to Account Home - Quick actions, traffic insights, Workers projects, and more

Recently, Account Home has been updated to streamline your workflows:
- 
Recent Workers projects: You'll now find your projects readily accessible from a new Developer Platformtab on Account Home. See recently-modified projects and explore what you can work our developer-focused products.
- 
Traffic and security insights: Get a snapshot of domain performance at a glance with key metrics and trends. 
- 
Quick actions: You can now perform common actions for your account, domains, and even Workers in just 1-2 clicks from the 3-dot menu. 
- 
Keep starred domains front and center: Now, when you filter for starred domains on Account Home, we'll save your preference so you'll continue to only see starred domains by default. 
We can't wait for you to take the new Account Home for a spin.
For more info:
Cloudflare Terraform Provider now properly redacts sensitive values
In the Cloudflare Terraform Provider ↗ versions 5.2.0 and above, sensitive properties of resources are redacted in logs. Sensitive properties in Cloudflare's OpenAPI Schema ↗ are now annotated with x-sensitive: true. This results in proper auto-generation of the corresponding Terraform resources, and prevents sensitive values from being shown when you run Terraform commands.
This issue affected resources ↗ related to these products and features:
- Alerts and Audit Logs
- Device API
- DLP
- DNS
- Magic Visibility
- Magic WAN
- TLS Certs and Hostnames
- Tunnels
- Turnstile
- Workers
- Zaraz
Dozens of Cloudflare Terraform Provider resources now have proper drift detection
In Cloudflare Terraform Provider ↗ versions 5.2.0 and above, dozens of resources now have proper drift detection. Before this fix, these resources would indicate they needed to be updated or replaced — even if there was no real change. Now, you can rely on your terraform plan to only show what resources are expected to change.
This issue affected resources ↗ related to these products and features:
- API Shield
- Argo Smart Routing
- Argo Tiered Caching
- Bot Management
- BYOIP
- D1
- DNS
- Email Routing
- Hyperdrive
- Observatory
- Pages
- R2
- Rules
- SSL/TLS
- Waiting Room
- Workers
- Zero Trust
Terraform v5 Provider is now generally available

Cloudflare's v5 Terraform Provider is now generally available. With this release, Terraform resources are now automatically generated based on OpenAPI Schemas. This change brings alignment across our SDKs, API documentation, and now Terraform Provider. The new provider boosts coverage by increasing support for API properties to 100%, adding 25% more resources, and more than 200 additional data sources. Going forward, this will also reduce the barriers to bringing more resources into Terraform across the broader Cloudflare API. This is a small, but important step to making more of our platform manageable through GitOps, making it easier for you to manage Cloudflare just like you do your other infrastructure.
The Cloudflare Terraform Provider v5 is a ground-up rewrite of the provider and introduces breaking changes for some resource types. Please refer to the upgrade guide ↗ for best practices, or the blog post on automatically generating Cloudflare's Terraform Provider ↗ for more information about the approach.
For more info
Terraform Provider is now automatically generated
With the version 5 release of Cloudflare's Terraform Provider, Terraform resources are now being automatically generated based on OpenAPI Schemas. This change brings alignment across our SDKs, API Documentation, and now Terraform Provider. The new provider boosts coverage by increasing API properties to 100%, adding 25% more resources, and more than 200 additional data sources.
Warning: Version 5 of the Cloudflare Terraform Provider is a ground-up rewrite of the provider and introduces breaking changes.
Refer to the upgrade guide ↗ for best practices, or the blog post on automatically generating Cloudflare's Terraform Provider ↗ for more information.
Use account owned tokens to manage other account owned tokens
Cloudflare's token management now allows users to set up a primary account owned token where they can manage all other account owned tokens.
Refer to Account owned tokens documentation for more details.
Cloudflare API docs are now automatically generated
Cloudflare's API documentation is now being automatically generated based on OpenAPI Schemas, and we have retired our old documentation. The move to OpenAPI Schemas allows us to ensure greater consistency and quality across our API documentation. The documentation now also includes examples of how to call the API using curl or our SDKs.
Refer to the Cloudflare API documentation, or the blog post on our transition to OpenAPI ↗ for more information.
Dashboard SCIM is now fully self-serve
Dashboard SCIM is now self-serve. Previously, users configuring SCIM required assistance from Cloudflare to configure SCIM to onboard users. Now, with account owned tokens, SCIM can be configured by Enterprise customers that use Okta or Microsoft Entra without any assistance from Cloudflare.
Refer to the SCIM documentation for more details.
Account owned tokens
Account owned tokens are now generally available. Unlike user-owned tokens, account owned tokens are tied with the Cloudflare account instead of the user that created them. This ensures that long term integrations like CI/CD are not broken if the user that set it up leaves your organization.
Refer to the Account owned tokens documentation or the blog post ↗ for more details.
Terraform v5 SDK preview
The Terraform v5 Provider is now available as a preview. This new provider is automatically generated based on the OpenAPI Specifications for our REST API, and provides improved user experiences overall.
Refer to the Terraform documentation ↗ or the blog post ↗ for more details.
API Documentation Preview
Cloudflare's API documentation is now available in preview with new automatically generated documentation. This documentation includes code snippets that refer to language-specific SDKs to make it easier to get started than ever.
Refer to the blog post ↗ for more details.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark