diff --git a/tasks.py b/tasks.py
index 568b8ec..c4ceaba 100644
--- a/tasks.py
+++ b/tasks.py
@@ -198,6 +198,25 @@ def scan_age_keys(c, host):
     )
 
 
+@task
+def update_terraform(c):
+    """
+    Update terraform devshell flake
+    """
+    with c.cd("terraform"):
+        c.run(
+            """
+system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
+old="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
+nix flake update --commit-lock-file
+new="$(nix build --no-link --print-out-paths ".#devShells.${system}.default")"
+commit="$(git log --pretty=format:%B -1)"
+diff="$(nix store diff-closures "${old}" "${new}" | awk -F ',' '/terraform/ && /→/ {print $1}')"
+git commit --amend -m "${commit}" -m "Terraform updates:" -m "${diff}"
+"""
+        )
+
+
 @task
 def format_disks(c, hosts="", disks=""):
     """