Bluesky Verification with HashiCorp Terraform

Bluesky offers users the ability to verify their handle and identity through using common domain records. Setting up this configuration is pretty straightforward — so let’s do it with terraform and Google Cloud DNS.
Verification Process
Bluesky’s verification process is outlined in their documentation and also on their blog post here. We have two really simple methods to accomplish the verification process.
Bluesky can reach out to your domain service and resolve an _atproto TXT record or you can use .well-known methods. For this example we’ll use the TXT record method since many people may not have websites attached to their domains.
The simplicity of this process is wonderful while still being able to appropriately “connect” handles to other web presences. You can use it with your own website for an example.org handle or many people can use subdomains for their handle (for example, foo.example.org and bar.example.org).
The code example here will use the second strategy so that many people can verify through a domain you own.
Once the TXT record is present you can use the Bluesky app to verify your handle.
The Code
We’ll be using Google Cloud which means we’ll need the Google Cloud Provider from the HashiCorp Provider Registry. If you want to skip straight ot the code you can find it on GitHub here.
We’ll also be using the HTTP provider to facilitate the query we need to fetch an existing Bluesky user’s DID (unique identifier).
Both of these providers are signed by HashiCorp and ready to use “out of the box”.
data "http" "user_lookup" {
url = "https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor=${var.actor}"
}
The request above will grab an existing handle’s DID.
That DID is added to the TXT record.
resource "google_dns_record_set" "txt" {
...
rrdatas = [
"did=${jsondecode(data.http.user_lookup.response_body).did}"
]
...
Which then allows the user to verify with Bluesky.
You can find the complete example on GitHub.
Conclusion
The Bluesky verification process is pretty straightforward and simple to implement.
Let’s see if we can get more people verified and showing off their cool domains!