Configuring Stripe using Terraform and AI agents

Learn why using AI agents to author Terraform code is safer than direct API calls for Stripe configuration. Get transparent, consistent, and auditable infrastructure with code review workflows.

Michael Selander
7 min read · intermediate

Overview

This article presents a pattern for using AI agents to author Terraform configuration files for Stripe infrastructure instead of having agents make direct API calls. It addresses three core challenges—transparency, consistency, and auditability—that arise when AI agents directly configure Stripe accounts, and demonstrates how the Stripe Terraform provider solves these problems by treating infrastructure as reviewable, version-controlled code.

What You'll Learn

  1. How to define Stripe products, prices, and webhook endpoints as Terraform configuration files
  2. Why AI agents should author Terraform code rather than directly operate Stripe accounts
  3. How to use Terraform workspaces to safely manage Stripe sandbox and livemode environments
  4. When to use terraform plan and terraform apply in development vs CI/CD pipelines
  5. How to achieve transparency, consistency, and auditability for Stripe infrastructure using Infrastructure as Code

Prerequisites & Requirements

  • Basic understanding of Terraform concepts (providers, resources, variables, workspaces)
  • Stripe account with API keys for sandbox and/or livemode
  • Terraform CLI installed locally
  • Familiarity with AI coding agents and prompt-based workflows (optional)
  • Understanding of Stripe objects such as products, prices, and webhook endpoints

Key Questions Answered

Why shouldn't AI agents directly make Stripe API calls for infrastructure setup?
AI agents making direct API calls create three problems: transparency issues because one-off calls are buried in ephemeral agent threads, consistency issues because stochastic agents produce different outputs from identical prompts causing environment drift, and auditability issues because API calls only describe intended changes rather than current state, making it difficult to understand what exists at any point in time.
How do you configure Stripe products and prices using Terraform?
You define Stripe resources in .tf files using the stripe/stripe Terraform provider (version ~> 0.1). Products are defined as stripe_product resources with name and description, prices as stripe_price resources linked to products with currency, unit_amount (in cents), and recurring interval settings. You then run terraform init, terraform plan, and terraform apply with your STRIPE_API_KEY environment variable set.
How do Terraform workspaces help manage Stripe sandbox and livemode environments?
Terraform workspaces give each environment its own separate state file while sharing the same .tf configuration. You create separate workspaces for sandbox and livemode, select the appropriate workspace, export the matching STRIPE_API_KEY (sk_test_ for sandbox, sk_live_ for livemode), then run terraform plan and apply. This prevents accidentally applying sandbox changes to production.
What is the recommended workflow for AI agents managing Stripe infrastructure?
The recommended five-step workflow is: describe the desired Stripe setup to the AI agent, the agent translates requirements into Stripe objects (products, prices, webhooks), the agent creates or edits Terraform files, in development you run terraform plan to validate then terraform apply, and in production your CI/CD pipeline runs terraform apply after changes are approved and merged via pull requests.
How does Terraform solve the auditability problem with AI agent infrastructure changes?
When Stripe infrastructure is expressed as Terraform code stored in Git, you automatically inherit standard software auditing capabilities. Git history shows who changed what and when, pull request reviews capture why a change was made, and you can see exact diffs that were reviewed and applied—moving from 'an agent did something at some point' to precise, documented change tracking.
What Stripe resources can be managed with the Stripe Terraform provider?
The article demonstrates managing stripe_product resources for defining products with names and descriptions, stripe_price resources for configuring pricing with currency, amounts, and recurring intervals (monthly/yearly), and stripe_webhook_endpoint resources for setting up webhook URLs with specific enabled events like checkout.session.completed, invoice.paid, and subscription lifecycle events.
How do you set up Stripe webhook endpoints in Terraform?
Define a stripe_webhook_endpoint resource with a url parameter (passed as a Terraform variable for environment flexibility) and an enabled_events list specifying which Stripe events to receive. The article's example subscribes to checkout.session.completed, invoice.paid, invoice.payment_failed, and customer.subscription lifecycle events (created, updated, deleted).

Technologies & Tools

  • Terraform (Infrastructure as Code): Declarative configuration management for Stripe resources including products, prices, and webhook endpoints
  • Stripe (Payment Platform): Target infrastructure being configured—products, prices, webhook endpoints managed as Terraform resources
  • Stripe Terraform Provider (Terraform Provider): Bridges Terraform with the Stripe API, enabling Stripe resources to be defined as code (stripe/stripe provider version ~> 0.1)
  • AI Agents (Development Tooling): Used as code authors to generate Terraform configuration files rather than making direct API calls
  • Git (Version Control): Version control for Terraform files providing audit trail, change history, and pull request review workflows

Key Actionable Insights

  1. Make AI agents code authors, not infrastructure operators. Instead of prompting an agent to 'create a Stripe product and price,' prompt it to 'set up my pricing structure XYZ using Terraform.' This ensures all changes are captured as reviewable code rather than ephemeral API calls buried in agent threads.
     This is the article's central best practice. It preserves the speed benefit of AI agents while adding the safety net of code review and version control.

  2. Use Terraform workspaces to isolate Stripe sandbox and livemode environments with separate state files while keeping a single set of .tf configuration files. This prevents accidental cross-environment changes and ensures both environments stay in sync with the same resource definitions.
     The key safety mechanism is aligning the selected workspace with the correct STRIPE_API_KEY—sandbox workspace with sk_test_ keys and livemode workspace with sk_live_ keys.

  3. Always run terraform plan before terraform apply in development to validate what changes will be made. In production environments, gate terraform apply behind CI/CD pipelines that require pull request approval and merge before changes are applied to livemode.
     This two-phase validation approach catches configuration errors before they affect real Stripe accounts and creates an auditable approval trail for production changes.

  4. Parameterize environment-specific differences using Terraform variables rather than maintaining separate copies of configuration files. Values like webhook URLs that differ between environments should be passed as variables, keeping the core resource definitions identical across sandbox and livemode.
     The article demonstrates this with the webhook_url variable, which is passed via the -var flag during terraform plan and apply commands.

  5. Use Terraform outputs to expose critical resource identifiers like price IDs that your application code needs to reference. This creates a clear contract between your infrastructure configuration and application code, and the output values are always in sync with what's actually deployed.
     The example outputs monthly_price_id and yearly_price_id, which applications typically need for creating Stripe Checkout sessions or subscriptions.

  6. Store your Stripe Terraform configuration in version control and treat changes like any other code change—with pull request reviews, diffs, and commit history. This transforms opaque agent-driven changes into transparent, auditable infrastructure evolution where you can track who changed what and why.
     This directly addresses the auditability challenge, providing a complete history of your Stripe configuration's evolution over time.

Common Pitfalls

  1. Using AI agents to make direct Stripe API calls instead of generating Terraform code. These one-off changes create 'mystery state' that is difficult to audit, reproduce, or track over time, as successful changes rarely become a durable source of truth.
     After a week, it becomes hard to answer questions like what products and prices exist, how sandbox and livemode differ, and what changed—without digging through old agent threads or reverse-engineering the Dashboard.

  2. Relying on the stochastic nature of AI agents for consistent infrastructure setup. Giving the exact same prompt twice to the same agent often produces different outputs, leading to configuration drift between development and production environments.
     This drift causes subtle bugs where everything works in test environments but fails in production, because the agent created slightly different configurations each time.

  3. Misaligning Terraform workspaces with Stripe API keys, such as selecting the sandbox workspace but exporting a livemode API key (sk_live_). This can result in applying sandbox-intended changes to your production Stripe account.
     The selected workspace determines which state file Terraform uses, while the STRIPE_API_KEY determines which Stripe environment is modified. Both must be aligned for safe operations.

  4. Maintaining separate copies of Terraform configuration files for each environment instead of using workspaces and variables. This leads to configuration drift between copies and duplicated maintenance effort.
     Terraform workspaces with parameterized variables (like webhook_url) allow you to keep a single set of .tf files while safely targeting different Stripe environments.
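
A pre-flight guard for pitfall 3, as an added example that is not from the original article or the Stripe provider: it refuses to run terraform unless the selected workspace matches the mode implied by the STRIPE_API_KEY prefix. It assumes the workspaces are named sandbox and livemode; the function names and the tf-guard.sh file name are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight guard for the workspace / API key pitfall.
# Assumption: workspaces are named "sandbox" and "livemode".

# key_mode KEY: print the Stripe mode implied by the key prefix.
key_mode() {
  case "$1" in
    sk_test_*) echo sandbox ;;
    sk_live_*) echo livemode ;;
    *)         echo unknown ;;
  esac
}

# check_alignment WORKSPACE KEY
# 0 = aligned, 1 = workspace and key disagree, 2 = key missing/unrecognized.
# Messages never include the key itself, so CI logs stay free of secrets.
check_alignment() {
  guard_ws=$1
  guard_mode=$(key_mode "$2")
  if [ "$guard_mode" = unknown ]; then
    echo "refusing: STRIPE_API_KEY is unset or has no sk_test_/sk_live_ prefix" >&2
    return 2
  fi
  if [ "$guard_ws" != "$guard_mode" ]; then
    echo "refusing: workspace '$guard_ws' selected but key targets $guard_mode" >&2
    return 1
  fi
  return 0
}

# guarded_terraform ARGS...: run terraform only when workspace and key agree.
guarded_terraform() {
  current_ws=$(terraform workspace show) || return 3
  check_alignment "$current_ws" "${STRIPE_API_KEY:-}" || return $?
  terraform "$@"
}

# When run as a script with arguments, act as a drop-in terraform wrapper,
# e.g. ./tf-guard.sh plan   (tf-guard.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
  guarded_terraform "$@"
fi
```

Because the default workspace matches neither mode, the guard also blocks runs where no environment workspace was selected.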

Related Concepts

Infrastructure As Code
Declarative Configuration Management
Terraform Workspaces
Terraform State Management
Stripe API
Stripe Products And Prices
Webhook Endpoint Configuration
CI/CD Pipelines For Infrastructure
Environment Isolation
GitOps Workflows
Pull Request-based Infrastructure Reviews
AI-assisted Code Generation