Open in app

Sign in

Write

Sign in

Bluesky Verification with HashiCorp Terraform

Elijah Snyder
2 min readNov 30, 2024

--

Bluesky Verification with HashiCorp Terraform, image by author

Bluesky offers users the ability to verify their handle and identity through using common domain records. Setting up this configuration is pretty straightforward — so let’s do it with terraform and Google Cloud DNS.

Verification Process

Bluesky’s verification process is outlined in their documentation and also on their blog post here. We have two really simple methods to accomplish the verification process.

Bluesky can reach out to your domain service and resolve an _atproto TXT record or you can use .well-known methods. For this example we’ll use the TXT record method since many people may not have websites attached to their domains.

The simplicity of this process is wonderful while still being able to appropriately “connect” handles to other web presences. You can use it with your own website for an example.org handle or many people can use subdomains for their handle (for example, foo.example.org and bar.example.org).

The code example here will use the second strategy so that many people can verify through a domain you own.

Once the TXT record is present you can use the Bluesky app to verify your handle.

The Code

We’ll be using Google Cloud which means we’ll need the Google Cloud Provider from the HashiCorp Provider Registry. If you want to skip straight ot the code you can find it on GitHub here.

We’ll also be using the HTTP provider to facilitate the query we need to fetch an existing Bluesky user’s DID (unique identifier).

Both of these providers are signed by HashiCorp and ready to use “out of the box”.

data "http" "user_lookup" {
  url = "https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor=${var.actor}"
}

The request above will grab an existing handle’s DID.

That DID is added to the TXT record.

resource "google_dns_record_set" "txt" {
...
  
rrdatas = [
    "did=${jsondecode(data.http.user_lookup.response_body).did}"
  ]
...

Which then allows the user to verify with Bluesky.

You can find the complete example on GitHub.

Conclusion

The Bluesky verification process is pretty straightforward and simple to implement.

Let’s see if we can get more people verified and showing off their cool domains!

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Bluesky Social
Terraform
DevOps

--

--

Elijah Snyder
Elijah Snyder

Written by Elijah Snyder

28 Followers
16 Following

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams