
Configuration

Complete configuration guide for the Terraform MCP Server including Neo4j database setup, environment variables, and security settings.


📋 Prerequisites

| Requirement | Description |
| --- | --- |
| Python 3.12+ | Required for installation |
| Neo4j 4.4+ | With vector search support |
| Terraform CLI | For command execution |
| AI Provider API Key | OpenAI, Anthropic, Azure OpenAI, Cohere, or Ollama |

🗄️ Neo4j Database Setup

# Pull the latest Neo4j Docker image
docker pull neo4j

# Start Neo4j database
docker run \
  --publish=7474:7474 --publish=7687:7687 \
  --volume=/path/to/your/neo4j_data:/data \
  --env NEO4J_AUTH=neo4j/your-password \
  --env NEO4J_PLUGINS='["apoc"]' \
  --env "NEO4J_dbms_security_procedures_unrestricted=apoc.*,apoc.meta.data" \
  --env "NEO4J_dbms_security_procedures_allowlist=apoc.*,apoc.meta.data" \
  neo4j

Important Notes:

  • Replace /path/to/your/neo4j_data with your data directory
  • Replace your-password with a secure password
  • Port 7474: Neo4j Browser (web interface)
  • Port 7687: Bolt protocol (used by MCP server)

Option 2: Direct Installation

Download and install Neo4j from neo4j.com following their official installation guide.


📦 Installation Options

# Install uv if not already installed
curl -LsSf https://astral.sh/uv/install.sh | sh

# Clone the repository
git clone git@github.com:talkops-ai/talkops-mcp.git
cd talkops-mcp/src/terraform-mcp-server

# Create virtual environment and install
uv venv --python=3.12
source .venv/bin/activate # Unix/macOS
# .venv\Scripts\activate # Windows

uv pip install -e .

Option 2: Using pip

git clone git@github.com:talkops-ai/talkops-mcp.git
cd talkops-mcp/src/terraform-mcp-server

python -m venv .venv
source .venv/bin/activate

pip install -e .

⚙️ Environment Variables

Create a .env file in the project root:

touch .env

Required Configuration

# Neo4j Configuration
NEO4J_URI=bolt://localhost:7687
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=your-password

# AI Provider Configuration (choose one)
OPENAI_API_KEY=sk-... # OpenAI
ANTHROPIC_API_KEY=sk-ant-... # Anthropic
AZURE_OPENAI_API_KEY=your-key # Azure OpenAI
AZURE_OPENAI_ENDPOINT=https://... # Azure OpenAI

Optional Configuration

# Additional AI Providers
COHERE_API_KEY=your-key # Cohere
OLLAMA_BASE_URL=http://localhost:11434 # Ollama

# Server Configuration
HOST=0.0.0.0
PORT=8000
LOG_LEVEL=INFO

📊 Configuration Reference

Server Configuration

| Variable | Default | Description |
| --- | --- | --- |
| HOST | 0.0.0.0 | Server host address |
| PORT | 8000 | Server port |
| DEBUG | false | Debug mode |
| LOG_LEVEL | INFO | Logging level |

Neo4j Configuration

| Variable | Default | Description |
| --- | --- | --- |
| NEO4J_URI | bolt://localhost:7687 | Neo4j connection URI |
| NEO4J_USERNAME | neo4j | Database username |
| NEO4J_PASSWORD | (required) | Database password |

AI Configuration

| Variable | Default | Description |
| --- | --- | --- |
| LLM_PROVIDER | openai | LLM provider |
| LLM_MODEL | gpt-4o | LLM model name |
| EMBEDDING_PROVIDER | openai | Embedding provider |
| EMBEDDING_MODEL | text-embedding-ada-002 | Embedding model |
| EMBEDDING_DIMENSIONS | 1536 | Embedding dimensions |

Terraform Execution Security

| Variable | Default | Description |
| --- | --- | --- |
| TERRAFORM_SECURITY_ENABLED | true | Enable security features |
| TERRAFORM_ALLOWED_COMMANDS | ["init", "plan", "validate", "apply", "destroy"] | Allowed commands |
| TERRAFORM_ALLOWED_WORKING_DIRECTORIES | ["/tmp", "/var/tmp"] | Allowed directories |
| TERRAFORM_MAX_TIMEOUT | 1800 | Max timeout (30 min) |
| TERRAFORM_DEFAULT_TIMEOUT | 300 | Default timeout (5 min) |
| TERRAFORM_MAX_VARIABLES | 100 | Max variables per execution |
| TERRAFORM_MAX_OUTPUT_LENGTH | 10000 | Max output characters |

🔐 Security Configuration

Terraform Execution Security

| Setting | Default | Description |
| --- | --- | --- |
| TERRAFORM_DANGEROUS_PATTERNS_ENABLED | true | Enable pattern detection |
| TERRAFORM_WORKING_DIRECTORY_VALIDATION | true | Enable directory validation |
| TERRAFORM_MAX_WORKING_DIRECTORY_DEPTH | 10 | Maximum directory depth |
| TERRAFORM_BLOCKED_WORKING_DIRECTORIES | /etc, /usr, /bin, /sbin, /boot, /dev, /proc, /sys | Blocked directories |

Dangerous Patterns Detected

The server scans for 100+ dangerous patterns including:

Command Injection:

  • |, ;, &, &&, ||, >, >>, <, `, $(

System Commands:

  • sudo, chmod, chown, bash, sh, curl, wget, ssh, eval, exec

Windows Commands:

  • cmd, powershell, net, reg, runas, del, rmdir, .bat, .ps1
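
One way to enforce the execution settings and pattern lists above, as an added example that is not the server's own code. The function names and the order of checks are assumptions; the constants are the documented defaults, with only the Command Injection and System Commands lists included.

```python
import os
import re

# Values from the tables above; how the server applies them is an assumption.
ALLOWED_COMMANDS = {"init", "plan", "validate", "apply", "destroy"}
ALLOWED_DIRS = ["/tmp", "/var/tmp"]
BLOCKED_DIRS = ["/etc", "/usr", "/bin", "/sbin", "/boot", "/dev", "/proc", "/sys"]
MAX_DEPTH, MAX_VARIABLES = 10, 100
SHELL_TOKENS = ["&&", "||", ">>", "$(", "|", ";", "&", ">", "<", "`"]
COMMANDS = ["sudo", "chmod", "chown", "bash", "sh", "curl", "wget", "ssh", "eval", "exec"]
# Whole-word match, so "sh" does not flag a value such as "dashboard".
WORD_RE = re.compile(r"\b(" + "|".join(COMMANDS) + r")\b")

def _inside(path, root):
    root = os.path.realpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def check_directory(path):
    # Resolve symlinks and ".." first; otherwise /tmp/../etc passes a prefix test.
    real = os.path.realpath(path)
    if any(_inside(real, b) for b in BLOCKED_DIRS):
        return f"blocked directory: {real}"
    if not any(_inside(real, a) for a in ALLOWED_DIRS):
        return f"directory not in allowed list: {real}"
    if len([p for p in real.split("/") if p]) > MAX_DEPTH:
        return f"directory deeper than {MAX_DEPTH} levels: {real}"
    return None

def check_value(text):
    for token in SHELL_TOKENS:
        if token in text:
            return f"dangerous pattern: {token}"
    match = WORD_RE.search(text)
    return f"dangerous pattern: {match.group(1)}" if match else None

def validate_request(command, working_dir, variables):
    """Return a list of violations; an empty list means the request passes."""
    errors = []
    if command not in ALLOWED_COMMANDS:
        errors.append(f"command not allowed: {command}")
    if len(variables) > MAX_VARIABLES:
        errors.append(f"more than {MAX_VARIABLES} variables")
    if (dir_error := check_directory(working_dir)):
        errors.append(dir_error)
    for name, value in variables.items():
        hit = check_value(name) or check_value(str(value))
        if hit:
            errors.append(f"variable {name}: {hit}")
    return errors
```

`validate_request("plan", "/tmp/../etc", {})` is rejected as a blocked directory because the path is resolved before comparison. A denylist like this is a backstop; the command and directory allowlists, together with running Terraform from an argument list rather than through a shell, carry the primary control.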

🚀 Starting the Server

Basic Start

uv run terraform_mcp_server

Custom Configuration

uv run terraform_mcp_server --host 0.0.0.0 --port 9000 --transport stdio

Available Options:

| Option | Default | Description |
| --- | --- | --- |
| --host | localhost | Server host |
| --port | 8000 | Server port |
| --transport | sse | Transport protocol (sse or stdio) |

🔌 MCP Client Configuration

SSE Transport (Default)

{
  "mcpServers": {
    "terraform-mcp-server": {
      "transport": "sse",
      "url": "http://localhost:8000/sse",
      "description": "Terraform MCP Server for IaC operations",
      "disabled": false,
      "autoApprove": []
    }
  }
}

Configuration Parameters

| Parameter | Description |
| --- | --- |
| url | SSE endpoint URL |
| transport | Transport protocol (sse) |
| disabled | Set to true to disable |
| autoApprove | Tools to auto-approve (use with caution) |

🔧 Troubleshooting

Neo4j Connection Failed

Error: Failed to connect to Neo4j database

Solutions:

  1. Verify Neo4j is running: docker ps
  2. Check NEO4J_URI is correct
  3. Verify credentials in NEO4J_PASSWORD
  4. Ensure ports 7474 and 7687 are accessible

Embedding Generation Failed

Error: Failed to generate embeddings

Solutions:

  1. Verify API key is set correctly
  2. Check API key has required permissions
  3. Ensure network access to AI provider

Terraform Command Not Found

Error: terraform: command not found

Solutions:

  1. Install Terraform: https://www.terraform.io/downloads
  2. Ensure Terraform is in PATH
  3. Check TERRAFORM_BINARY_PATH if custom location

Security Violation Error

Error: Security violation: dangerous pattern detected

Solutions:

  1. Review variables for dangerous patterns
  2. Use safe variable names and values
  3. Check working directory is in allowed list

Next Steps

  • 🛠️ Tools - Available MCP tools reference
  • 📖 Examples - Usage patterns and workflows