bitcain docs
Infrastructure

Infrastructure Modules

The bitcain.net control plane manages identity, access, DNS, and security through Terraform. All module docs below are auto-generated from .tf files using terraform-docs.

Modules

| Module | Purpose |
| --- | --- |
| Cloudflare | DNS, SSL/TLS, WAF, rate limiting, health checks, Zero Trust Access, KV, email DNS |
| GCP Identity | Workload Identity Federation, Workforce Federation, Secret Manager, Service Accounts |
| GitHub Identity | Org security settings, OIDC subject claim customization |
| Entra ID | Microsoft Entra ID apps, SAML/OIDC federation, Conditional Access, FIDO2 |
| Supabase | Project settings and API configuration |

Architecture

Identity Rings (never mix across rings):
  Ring 1 (Workforce)  → Microsoft Entra ID (source of truth)
  Ring 2 (Admin/Infra) → Cloudflare Access (bound to Ring 1 via OIDC)
  Ring 3 (Customers)  → Supabase Auth (completely isolated)

Key References

| Key | Value |
| --- | --- |
| Cloudflare Zone | dc968d89b579c99319eb46bc60f7519e |
| GCP Project | bitcain-net-458309 |
| Entra Tenant | 22aef4ee-2e5c-4dd2-a465-eb15a4f3ce4d |
| TF State | gs://bitcain-terraform-state-controlplane/terraform/production |
