Skip to content
Terrateam

Secrets and Variables

Terrateam provides several ways to manage sensitive information and customize your Terraform configurations using secrets, variables, and tfvars files. This guide will walk you through how to create and use secrets, set environment variables, and use tfvars files to manage your Terraform variables.

GitHub Secrets and Variables

Environment Variables

GitHub Secrets and Variables can be used to set environment variables. They are translated into environment variables in the Terrateam GitHub Action runtime environment. These environment variables may be referenced in your Terraform code.

Using TF_VAR Environment Variables

Secrets and variables that start with TF_VAR_ are treated specially by Terrateam.

GitHub secrets and variables are always uppercase, however by convention Terraform variables are lowercase. Terrateam automatically finds all secrets that start with TF_VAR_ and creates a new environment variable that has the lowercase name. If the lowercase name exists, no action is taken. The uppercase environment variable is left unchanged. For example, the secret TF_VAR_LOGIN_TOKEN will create a new environment variable called TF_VAR_login_token.

Security

Your secrets and variables never touch our servers outside of Terraform plan files.

Hooks and Workflows

Terrateam also allows you to set environment variables using Hooks and Workflows.

Hooks

You can set an environment variable at the very start of a Terrateam operation using Hooks.

hooks:
  plan:
    pre:
      - type: env
        name: FOO
        cmd: ['echo', 'BAR']
  apply:
    pre:
      - type: env
        name: BAZ
        cmd: ['echo', 'QUX']

Workflows

You can also set an environment variable at the start of each Plan and Apply operation.

workflows:
  - tag_query: ""
    plan:
      - type: init
      - type: env
        name: FOO
        cmd: ["echo", "BAR"]
      - type: plan
    apply:
      - type: init
      - type: env
        name: FOO
        cmd: ["echo", "BAR"]
      - type: apply

.tfvars

Terraform allows you to define variables in .tfvars files, which can be used to customize your Terraform configurations.

To use a tfvars file with Terrateam, you can specify the file path in your workflow configuration using the extra_args option.

workflows:
  - tag_query: ""
    plan:
      - type: init
      - type: plan
        extra_args: ["-var-file=qa.tfvars"]
    apply:
      - type: init
      - type: apply

In this example, the qa.tfvars file will be used during the plan step.