Skip to content

Instantly share code, notes, and snippets.

@ryan-blunden

ryan-blunden/Setting Terraform Cloud and Environment Variables using the Workspace Variables API.md

Created March 18, 2021 23:27
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ryan-blunden/e39c50ce72a81a0741e3d8699aa18471 to your computer and use it in GitHub Desktop.
Save ryan-blunden/e39c50ce72a81a0741e3d8699aa18471 to your computer and use it in GitHub Desktop.
Download ZIP
Setting Terraform Cloud and Environment Variables using the Workspace Variables API
Raw
env-var-payload-non-sensitive.json
{
"data": {
"type": "vars",
"attributes": {
"key": "TF_IGNORE",
"value": "trace",
"description": "Output debug messages to display ignored files and folders.",
"category": "env",
"hcl": false,
"sensitive": false
}
}
}
Raw
env-var-payload-sensitive.json
{
"data": {
"type": "vars",
"attributes": {
"key": "TF_VAR_api_key",
"value": "123456",
"description": "A secret API key",
"category": "terraform",
"hcl": false,
"sensitive": true
}
}
}
Raw
Setting Terraform Cloud and Environment Variables using the Workspace Variables API.md

Setting Terraform Cloud and Environment Variables using the Workspace Variables API

This presumes you've already signed up for Terraform Cloud and went through the onboarding flow which uses the tfc-getting-started repository.

The commands below use the first organization and workspace and presumes no Terraform variables (apart from provider_token) and environment variables exist.

It also only shows how to create a Terraform or environment variable.

NOTE: Before continuing, make sure you've created a user access token and exported it as TERRAFORM_TOKEN.

Be sure to check out the Workspace Variables API docs to learn more.

Also, jq commandline tool is required.

Get Organization and Workspace IDs

  1. Get Organization ID:
ORG_ID=$(curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
"https://app.terraform.io/api/v2/organizations/" | jq -r '.data[0].id')
  1. Get Workspace ID:
WORKSPACE_ID=$(curl \
  --header "Authorization: Bearer $TERRAFORM_TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
"https://app.terraform.io/api/v2/organizations/$ORG_ID/workspaces" | jq -r '.data[0].id')

Create Terraform variables

The list of Terraform vaiables will be saved to a terraform.tfvars file.

  1. Create Terraform variable with non-sensitive info (visible in dashboard and API):
curl \
  --header "Authorization: Bearer $TERRAFORM_TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @variable-payload-non-sensitive.json \
  "https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"
  1. Create Terraform variable with sensitive info (only accessible to Terraform cloud runs):
curl \
  --header "Authorization: Bearer $TERRAFORM_TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @variable-payload-sensitive.json \
  "https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"

Create environment variables

  1. Create environment variable with non-sensitive info (visible in dashboard and API):
curl \
  --header "Authorization: Bearer $TERRAFORM_TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @env-var-payload-non-sensitive.json \
  "https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"
  1. Create environment variable with sensitive info (only accessible to Terraform cloud runs)
curl \
  --header "Authorization: Bearer $TERRAFORM_TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @env-var-payload-sensitive.json \
  "https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"

List variables

  1. List environment vars:
curl \
  --header "Authorization: Bearer $TERRAFORM_TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  "https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars" | jq

Additional notes

  • To update variables, the id for a secret must be fetched and added to the payload for a PATH request.
  • Only one variable can be set per API request
Raw
variable-payload-non-sensitive.json
{
"data": {
"type": "vars",
"attributes": {
"key": "hostname",
"value": "hostname value",
"description": "The hostname for a service",
"category": "terraform",
"hcl": false,
"sensitive": false
}
}
}
Raw
variable-payload-sensitive.json
{
"data": {
"type": "vars",
"attributes": {
"key": "api_key",
"value": "123456",
"description": "A secret API key",
"category": "terraform",
"hcl": false,
"sensitive": true
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment