- Prisma shipped a first-party Terraform provider for Prisma Postgres.
- Declare projects, databases, and Accelerate connections in .tf files, review with terraform plan, apply.
- No more Console click-ops.
TL;DR
Prisma now publishes an official Terraform provider — prisma/prisma-postgres — on the HashiCorp registry. Latest release v0.2.0 shipped Jan 9, 2026 under MPL-2.0. You declare projects, databases, and connections in HCL, authenticate with a single PRISMA_SERVICE_TOKEN, then drive the whole lifecycle with terraform plan / apply / destroy. If your infra already lives in Terraform, Prisma Postgres now lives there too — no more clicking through the Console.
What's new
The provider exposes three resources and one data source:
prisma-postgres_project— a workspace container for databases.prisma-postgres_database— a Postgres database deployed to a specific region, with direct PostgreSQL access.prisma-postgres_connection— an API key bundle that returns both a Prisma Accelerate pooledconnection_stringand adirect_url, both marked sensitive.prisma-postgres_regions(data source) — query supported regions instead of hardcoding them.
Minimal setup looks like this:
terraform {
required_providers {
prisma-postgres = {
source = "prisma/prisma-postgres"
version = "~> 0.1.0"
}
}
}
resource "prisma-postgres_project" "main" {
name = "my-app"
}
resource "prisma-postgres_database" "production" {
project_id = prisma-postgres_project.main.id
name = "production"
region = "us-east-1"
}Why it matters
Clicking through a dashboard is fine for one database. It falls apart the moment you need three: dev, staging, prod. Ops teams have spent a decade moving every other piece of infra — VPCs, Kubernetes clusters, DNS, object storage — into Terraform, precisely because click-ops does not review-and-approve, does not diff, does not roll back, and does not fit inside a PR.
Until now, managed Postgres providers tied to ORM ecosystems tended to ship their IaC story late. Prisma catching up closes a real gap: your Postgres + Accelerate connection is now a reviewable line in a pull request instead of a tab someone left open in Chrome.
Technical facts
| Item | Value |
|---|---|
| Provider source | prisma/prisma-postgres |
| Latest version | v0.2.0 (Jan 9, 2026) |
| License | MPL-2.0 |
| Terraform required | >= 1.0 |
| Auth | PRISMA_SERVICE_TOKEN env var |
| Default region (docs example) | us-east-1 |
| Resources | project, database, connection |
| Data sources | regions |
Credentials for prisma-postgres_connection are returned only at creation time. You can terraform import existing projects, databases, and connections, but imported connections will not recover the original secrets — rotate if you lose them.
Comparison
Prisma now ships three IaC paths. Pick what your team already runs:
| Tool | Language | Best for |
|---|---|---|
| Terraform | HCL | Infra teams on HashiCorp stack, multi-cloud monorepos |
| Pulumi | TS / Python / Go | Teams preferring general-purpose languages |
| Alchemy | TypeScript | JS-native shops with no infra team |
Against competing managed Postgres + Terraform combos (Neon, Supabase, AWS RDS), the Prisma differentiator is the Accelerate pooled connection string — it comes back as a first-class attribute of the connection resource, not as a separate service you wire up afterwards.
Use cases
- Reproducible per-env databases. One
main.tf, three workspaces — dev / staging / prod diverge only by variables. - Preview-env databases in CI. A PR pipeline runs
terraform applyagainst an ephemeral workspace, spins up a throwaway DB, runs migrations and integration tests, then destroys on merge. - Monorepo infra. A single plan provisions AWS VPC + Prisma Postgres + Vercel projects — state and drift detection in one place.
- Compliance. Every DB configuration change is a git diff, reviewable and revertable.
- Retrofitting existing projects.
terraform importbrings databases you provisioned in the Console under IaC without recreating them.
Limitations & pricing
- Pre-1.0 provider. v0.2.0 is young — expect breaking changes before a stable tag.
- Secrets rotate on import. Imported connections cannot recover their original
connection_string— if you lose it, rotate. - Long-lived tokens only. Auth is a static
PRISMA_SERVICE_TOKEN; no OIDC / workload identity yet, so keep it in a secret manager and do not bake it into CI logs. - Pricing. The provider itself is free. Underlying Prisma Postgres follows its normal pricing — free tier plus paid plans for production throughput and storage. The provider release did not change pricing.
What's next
Signals from the repo point to wider resource coverage, more data sources, and likely auth improvements (short-lived tokens, OIDC-style workload identity) before a 1.0 stable tag. If you already run Terraform, pinning ~> 0.1.0 today is safe enough for non-production; wait for 1.0 before standardising the provider across a fleet of mission-critical databases.
Nguồn: prisma.io docs, github.com/prisma/terraform-provider-prisma-postgres, Terraform Registry, @prisma on X.
