jamformer is a CLI tool that bootstraps a Terraform project from an existing Jamf instance. It connects to your environment, discovers resources via the Jamf API (or terraform query for Protect and Platform), generates Terraform import blocks, runs terraform plan -generate-config-out to produce HCL, then post-processes the output to add cross-resource references and organise files by resource type. The result is a realistic starting scaffold for learning from and refining — not production-ready code, but a honest first draft.
Features
- Supports the following Terraform providers: Jamf Pro, Protect, Platform, and Security Cloud (JSC)
- Discovers and exports 100+ resource types including policies, scripts, configuration profiles, smart and static groups, computer and mobile prestages, extension attributes, packages, categories, API integrations, and more
- Post-processing rewrites Jamf IDs to cross-resource Terraform references so relationships are explicit rather than hardcoded integers
- Extracts embedded content (scripts, profiles, app configs, branding assets) to separate support files
- Secret scanning via gitleaks with Jamf-specific rules and interactive remediation for embedded credentials — passwords, API tokens, WiFi passphrases, LDAP and SMTP secrets
- Compact mode consolidates uniform resource types into
for_eachpatterns for cleaner, production-closer output - Experimental multi-environment mode generates a shared module and per-environment directory structure for teams managing staging and production instances
- Read-only against Jamf — never modifies, creates, or deletes anything in your instance
Requirements
- Terraform 1.14 or later (auto-downloaded if not present)
- Jamf Pro (Auditor role or equivalent), Jamf Protect, Jamf Platform, or Jamf Security Cloud
- OAuth2 client credentials for Protect, Platform, and JSC; username/password or OAuth2 for Jamf Pro
- Go 1.26.2 or later to build from source