cfop-generator converts a Cloudflare zone export file into Cloudflare Operator DNSRecord YAML manifests.
- Go
1.26.0+if building from source. - A Cloudflare zone export file (plain text) as input.
go install github.com/containeroo/cfop-generator@latestgo run . -file ./testdata/example.com.txtcfop-generatordoes not call Cloudflare APIs and does not require API credentials.- Authentication is handled later by the controller/operator that applies the generated YAML.
- Export your zone file from Cloudflare first, then pass it with
-file.
cfop-generator -file <zonefile> [-proxied=true|false] [-output <path>]
cfop-generator completion bash|zsh
cfop-generator version-file(required): path to the exported zone file.-proxied(defaulttrue): setsspec.proxiedfor generated records.-output(optional): writes output to a file using file mode0600.
# Print YAML to stdout
cfop-generator -file ./example.com.txt
# Disable proxying in generated records
cfop-generator -file ./example.com.txt -proxied=false
# Write secure output file (mode 0600)
cfop-generator -file ./example.com.txt -output ./records.yamlCompletion scripts are generated by the CLI and are produced during release builds (they are not stored as static tracked assets in this repository).
cfop-generator completion bash > /usr/local/etc/bash_completion.d/cfop-generator
source /usr/local/etc/bash_completion.d/cfop-generatormkdir -p "${fpath[1]}"
cfop-generator completion zsh > "${fpath[1]}/_cfop-generator"
autoload -Uz compinit && compinit- Zone files can contain infrastructure details; treat them as sensitive.
- Prefer
-outputfor local files so generated manifests are written with restrictive permissions (0600). - Review generated manifests before committing or sharing them.
SOAandNSrecords are skipped.MXandSRVrecords are validated for expected field counts.- Output order is deterministic for stable diffs and reproducible output.