Problem / Use Case
When using the meshStack Terraform provider, authentication currently requires a long-lived API key (client ID + secret). This means every developer or platform engineer who wants to run terraform plan or terraform apply locally must either:
  • Create and manage a personal API key, or
  • Share a team/service-account API key — reducing auditability and violating least-privilege principles.
There is no way to authenticate as your personal meshStack user (e.g. via SSO / Entra ID) when using the Terraform provider. This is a gap compared to other cloud provider CLI experiences, such as az login (Azure), gcloud auth login (GCP), or aws sso login (AWS), where a one-time interactive browser login gives the CLI and Terraform provider access to your personal identity.
Value / Impact
A meshCLI with a meshcli login command (or equivalent) would allow platform engineers and application team members to:
  • Authenticate once using their corporate SSO identity (Entra ID, Okta, etc.) via a browser popup.
  • Have the meshStack Terraform provider automatically pick up the resulting short-lived token — no long-lived secrets required.
  • Improve auditability: all API calls and Terraform operations are attributed to the real user, not a shared service account.
  • Reduce the operational burden of managing, rotating, and distributing API keys for local development workflows.
This would bring meshStack's developer experience in line with modern cloud CLI tooling and support zero-standing-privileges / short-lived credential patterns.