Twingate Connectors run in a
linux/amd64 Docker container, which makes them widely compatible with a range of deployment methods and environments. The information below will help you automate their deployment.
Full Automation: Terraform Provider
If your organization uses Terraform to manage your infrastructure as code, you can use Twingate’s Terraform provider to automatically provision Connectors, along with other Twingate constructs such as Resources and Remote Networks. Please see the documentation for more details.
Deployment Automation Alternatives
Twingate Admin API
Twingate’s Admin API provides programmatic control over most admin functions, which you can use to automate the configuration of your Twingate Network.
The API can also specifically be used to provision Connectors and new tokens programatically.
If you do not use Terraform, or do not wish to use the API, you may retrieve tokens from the Admin Console using the “Manual” Connector deployment option in the Admin Console. Note that the Connector tokens are unique to that specific Connector, and these tokens cannot be reused for multiple Connectors.
Therefore, in order to incorporate Connectors into a semi-automated process, keep the following in mind:
- You must continue to provision new Connectors through the Admin console or through the Twingate API.
- Use the environment variables generated for that specific Connector.
- The configuration variable for a single Connector cannot be re-used for additional Connectors.
Connector deployment parameters
If you are deploying Connectors and using manual token generation as described in the previous section, the following information will help deploy Connectors successfully.
Connector image source:
- The Connector image is public and hosted on Docker Hub. You can use an image registry address of
docker.iowith the image name
twingate/connectorand image tag
Fixed deployment parameters:
TWINGATE_NETWORKshould be the subdomain of your Twingate account (eg.
acmeif your account is at
- The Docker parameter
--restart=unless-stoppedis used to ensure that the Connector container is always automatically restarted unless explicitly stopped. The equivalent setting should be used in any other container environment.
Connector-specific deployment parameters are:
TWINGATE_ACCESS_TOKENis an authentication token specific to the Connector being deployed. This should be treated as a secret and never checked into source control.
TWINGATE_REFRESH_TOKENis an authentication refresh token specific to the Connector being deployed. This should similarly be treated as a secret.
- The Docker parameter
--nameis used to identify the connector in your container management system. You can any name here, but it is probably most helpful to ensure that it matches the auto-generated name in the Admin console.
DNS_SERVERis an optional parameter that specifies what DNS server the Connector should use to resolve Resources. If this is a private DNS server, it must be accessible from the Connector host.
Example: Helm Chart
An example of pulling all of the above together for a Helm Chart can be found here: https://github.com/Twingate/helm-charts
Last updated 8 hours ago