diff --git a/DOCS.md b/DOCS.md
index 8c353d6..980207d 100644
--- a/DOCS.md
+++ b/DOCS.md
@@ -4,7 +4,9 @@ Use the Terraform plugin to apply the infrastructure configuration contained wit
 * `remote` - contains the configuration for the Terraform remote state tracking.
 * `backend` - the Terraform remote state backend to use.
 * `config` - a map of configuration parameters for the remote state backend. Each value is passed as a `-backend-config==` option.
-* `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var =` option.
+* `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var
+ =` option.
+* `ca_cert` - ca cert to add to your environment to allow terraform to use internal/private resources
 The following is a sample Terraform configuration in your .drone.yml file:
@@ -18,7 +20,33 @@ deploy:
 bucket: my-terraform-config-bucket
 key: tf-states/my-project
 region: us-east-1
- vars:
- app_name: my-project
- app_version: 1.0.0
+ vars:
+ app_name: my-project
+ app_version: 1.0.0
+```
+
+# Advanced Configuration
+
+## CA Certs
+You may want to run terraform against internal resources, like an internal
+OpenStack deployment. Usually these resources are signed by an internal
+CA Certificate. You can inject your CA Certificate into the plugin by using
+`ca_certs` key as described above. Below is an example.
+
+```yaml
+deploy:
+ terraform:
+ dry_run: false
+ remote:
+ backend: swift
+ config:
+ path: drone/terraform
+ vars:
+ app_name: my-project
+ app_version: 1.0.0
+ ca_cert: |
+ -----BEGIN CERTIFICATE-----
+ asdfsadf
+ asdfsadf
+ -----END CERTIFICATE-----
 ```
diff --git a/main.go b/main.go
index 3626ad9..27c08b3 100644
--- a/main.go
+++ b/main.go
@@ -5,6 +5,7 @@ import (
 "os"
 "os/exec"
 "strings"
+ "io/ioutil"
 "github.com/drone/drone-plugin-go/plugin"
 )
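Review bot: The new `"io/ioutil"` import in main.go is appended after `"strings"`, which leaves the standard-library group unsorted; gofmt orders import specs within a group, so it belongs first, before `"os"`. Running gofmt on main.go makes this change. The import block starts above the hunk, so any earlier entries are not visible here.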
@@ -13,6 +14,7 @@ type terraform struct {
 Remote remote `json:"remote"`
 Plan bool `json:"plan"`
 Vars map[string]string `json:"vars"`
+ Cacert string `json:"ca_cert"`
 }
 type remote struct {
@@ -31,6 +33,9 @@ func main() {
 var commands []*exec.Cmd
 remote := vargs.Remote
+ if vargs.Cacert != "" {
+ commands = append(commands, installCaCert(vargs.Cacert))
+ }
 if remote.Backend != "" {
 commands = append(commands, remoteConfigCommand(remote))
 }
@@ -57,6 +62,13 @@ func main() {
 }
+func installCaCert(cacert string) *exec.Cmd {
+ ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644)
+ return exec.Command(
+ "update-ca-certificates",
+ )
+}
+
 func remoteConfigCommand(config remote) *exec.Cmd {
 args := []string{
 "remote",
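Review bot: The JSON tag on the new field in the `type terraform struct` hunk is `ca_cert`, but the prose of the CA Certs section added to DOCS.md in this same commit tells users to set `ca_certs`. A build that follows the prose will have the key ignored and no CA installed, with no error to explain the later TLS failure. Align the prose with the tag; the parameter list and the sample YAML already use `ca_cert`. As a point of style, Go keeps initialisms in one case, so the field would read `CACert` rather than `Cacert`.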
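Review bot: `installCaCert` discards the error from `ioutil.WriteFile`, so when the certificate cannot be written `update-ca-certificates` still runs and the build only fails later with a TLS error that does not point at the missing CA. Check the result and stop there, for example `if err := ioutil.WriteFile("/usr/local/share/ca-certificates/ca_cert.crt", []byte(cacert), 0644); err != nil { log.Fatalf("writing ca_cert: %v", err) }`; this needs `log`, and the import block is only partly visible in the diff. Because the value becomes a trust root for every TLS connection made in the plugin container, it is also worth decoding it with `encoding/pem` and `x509.ParseCertificate` first and rejecting anything that is not a certificate. The write also happens when `main` builds the command list in the `@@ -31,6 +33,9 @@` hunk rather than when the returned command runs, unlike `remoteConfigCommand`, which as far as this diff shows only assembles arguments.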