Proxy and Trusted certificates

To override the default certificate bundle used by opentf-ctl, you can set the standard CURL_CA_BUNDLE environment variable.

BashCMDPowerShell

export CURL_CA_BUNDLE="/usr/local/myproxy_info/cacert.pem"
export https_proxy="http://10.10.1.10:1080"
opentf-ctl [...]

set CURL_CA_BUNDLE=/path/to/myproxy_info/cacert.pem
set https_proxy=http://10.10.1.10:1080
opentf-ctl [...]

$Env:CURL_CA_BUNDLE = "/path/to/myproxy_info/cacert.pem"
$Env:https_proxy = "http://10.10.1.10:1080"
opentf-ctl [...]

If the following environment variables are defined in opentf-ctl’s environment, they will be used:

Environment variable	Format	Description
http_proxy or HTTP_PROXY	[protocol://]<host>[:port]	Sets the proxy server to use for HTTP.
https_proxy or HTTPS_PROXY	[protocol://]<host>[:port]	Sets the proxy server to use for HTTPS.
no_proxy or NO_PROXY	<comma-separated list of hosts/domains>	List of host names that shouldn’t go through any proxy. If set to an asterisk ‘*’ only, it matches all hosts. Each name in this list is matched as either a domain name which contains the hostname, or the hostname itself.
CURL_CA_BUNDLE	<path to file>	The CA bundle to use.

For the first three environment variables, the lower-cased ones take precedence over the upper-cased ones if both are defined.

The no_proxy or NO_PROXY environment variables, if defined, are interpreted following the Python rules:

• It matches suffixes
• It strips leading .
• * matches all hosts

Regexps are not supported, CIDR blocks are not supported either, and loopback IPs are not detected.

For example, the following two examples will bypass the proxy:

env https_proxy=http://non.existent no_proxy=.example.com opentf-ctl get workflows --server https://example.com
env https_proxy=http://non.existent no_proxy=.example.com opentf-ctl get workflows --server https://orchestrator.example.com

Please refer to “We need to talk: Can we standardize no_proxy?” for more information on how the no_proxy environment variable is interpreted in different contexts.