Description

As discussed incoder/coder#3055, there's a need for a dedicated Terraform resource to write arbitrary files into Coder workspaces with proper permission control.

Problem

Currently, template authors need to use workarounds like:

• Environment variables (anti-pattern for large content like service account keys)
• Startup scripts with complex escaping (error-prone)
• Base64 encoding in startup scripts (as shown in the original issue)

Proposed Solution

Introduce acoder_file resource that allows template authors to:

• Write files with specified content to workspace paths
• Set file permissions (mode)
• Handle file ownership appropriately

Example Usage

resource"coder_file""gcp_credentials" {agent_id=coder_agent.dev.idpath="~/.gcp_creds.json"content=google_service_account_key.mykey.private_keymode="0600"}

Use Cases

• Service account keys and credentials
• Configuration files, i.e., mcp servers
• Any file content that needs to be dynamically generated

References

• Original request:inject file fromcoder_agent resource coder#3055
• Used extensively in Coder modules: github.com/coder/registry