This presumes you've already signed up for Terraform Cloud and went through the onboarding flow which uses the tfc-getting-started repository.
The commands below use the first organization and workspace and presumes no Terraform variables (apart from provider_token
) and environment variables exist.
It also only shows how to create a Terraform or environment variable.
NOTE: Before continuing, make sure you've created a user access token and exported it as
TERRAFORM_TOKEN
.
Be sure to check out the Workspace Variables API docs to learn more.
Also, jq
commandline tool is required.
- Get Organization ID:
ORG_ID=$(curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
"https://app.terraform.io/api/v2/organizations/" | jq -r '.data[0].id')
- Get Workspace ID:
WORKSPACE_ID=$(curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
--header "Content-Type: application/vnd.api+json" \
"https://app.terraform.io/api/v2/organizations/$ORG_ID/workspaces" | jq -r '.data[0].id')
The list of Terraform vaiables will be saved to a terraform.tfvars
file.
- Create Terraform variable with non-sensitive info (visible in dashboard and API):
curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @variable-payload-non-sensitive.json \
"https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"
- Create Terraform variable with sensitive info (only accessible to Terraform cloud runs):
curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @variable-payload-sensitive.json \
"https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"
- Create environment variable with non-sensitive info (visible in dashboard and API):
curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @env-var-payload-non-sensitive.json \
"https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"
- Create environment variable with sensitive info (only accessible to Terraform cloud runs)
curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @env-var-payload-sensitive.json \
"https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars"
- List environment vars:
curl \
--header "Authorization: Bearer $TERRAFORM_TOKEN" \
--header "Content-Type: application/vnd.api+json" \
"https://app.terraform.io/api/v2/workspaces/$WORKSPACE_ID/vars" | jq
- To update variables, the id for a secret must be fetched and added to the payload for a
PATH
request. - Only one variable can be set per API request