2

In my CI environment (Bitbucket pipelines) I'm trying to use the new Terraform Cloud remote state management. The announcement video clearly states you can use environment variables instead of the .terraformrc file to pass your API token. However, I cannot find any documentation on the exact environment variable I have to use.

I followed the getting started guide about Terraform Cloud, but there they also don't mention anything about environment variables.

I also looked at the environment variables section of the Terraform documentation, but there was also no mentioning of how to set (or override) the cli configuration.

030
  • 5,731
  • 12
  • 61
  • 107
jorianvo
  • 21
  • 2

3 Answers3

2

If you are using the Terraform Cloud/Enterprise provider, you could set the TFE_TOKEN environment variable.

Alternatively, you could write the terraform config file temporarily during the build, e.g.:

# Set environment variable
MY_TF_TOKEN='abc.123.abc123'

# Create .terraformrc with credential config for user
cat >~/.terraformrc <<EOL
credentials "app.terraform.io" {
  token = "${TF_CLOUD_TOKEN}"
}
EOL

Otherwise, you could (but not recommended) manipulate the credentials.tfrc.json in ~/.terraform.d but beware that this may be overwritten when running terraform commands. For example using jq in bash:

# Set environment variable
MY_TF_TOKEN='abc.123.abc123'

# Create json from environment variable and (over)write expected file 
jq --arg token $MY_TF_TOKEN \
    '{"credentials":{"app.terraform.io":{"token": $token}}}' \
    > ~/.terraform.d/credentials.tfrc.json

You should get the following when e.g. running cat ~/.terraform.d/credentials.tfrc.json:

{
  "credentials": {
    "app.terraform.io": {
      "token": "abc.123.abc123"
    }
  }
}
danialk
  • 121
  • 5
0

I want to contribute to this topic with 2 articles that helped me to configure my Azure Pipelines to log in to Terraform Cloud and download Modules hosted in a Private Registry in Terraform Cloud.

https://blog.devgenius.io/how-to-configure-azure-devops-with-terraform-enterprise-cac1bbd9810b https://mikehacker.dev/blog/configuring-terraform-enterprise-credentials-to-work-with-azure-devops/

Diogo Maul
  • 1
  • 1
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/517884) – Dave M Apr 12 '22 at 21:21
  • Welcome to Server Fault! Your answer suggests a workable solution to the question is available via another website. The Stack Exchange family of Q&A websites [generally frowns on this type of answer](https://meta.stackexchange.com/questions/8231/are-answers-that-just-contain-links-elsewhere-really-good-answers). Please read [How do I write a good answer?](http://serverfault.com/help/how-to-answer) and consider revising your answer to include the steps required to resolve the issue. And don't forget to take the [site tour](http://serverfault.com/tour). – Paul Apr 12 '22 at 21:31
0

In the video they don't specify whether terraform expects a certain variable of not. One thing you can do however, is use the method to pass arbitrary environment variables, as long as their name starts with TF_VAR_ (example: TF_VAR_myvar). Then in your terraform files (in this example the terraformrc file) declare the variable with this line:

variable myvar {}

Then you can use it instead of hardcoded token value with this syntax: ${var.myvar}

adelch
  • 11