Terraform Cloud Variable Sets Beta Now Available
HashiCorp Terraform Cloud variable sets let you simplify the management of reusable variables across an entire organization. This feature is now available in public beta.
Reusability is a key theme for HashiCorp Terraform. By making Terraform components reusable, practitioners increase productivity and reduce errors, while organizations benefit from standardization and reduced risk. We see this when organizations standardize around specific modules in their Terraform Cloud private module registry or leverage policy sets across numerous workspaces using Sentinel.
HashiCorp Terraform Cloud is now introducing a new reusable component in public beta: variable sets. Variable sets allow Terraform Cloud users to reuse both Terraform-defined and environment variables not just from root to child modules, but across certain workspaces or an entire organization. The most obvious use case is credential management, but variables can also manage anything: the size of an instance, availability zones, tags, the type of plan you're deploying on a hosted service — even the artists on a Spotify playlist.
» Reuse Variables Across Multiple Workspaces
One of the most common use cases for variable sets is credential and identity management. Regardless of the service being consumed, there is almost always a need to establish how Terraform should authenticate it, and as who. The process of creating and defining credentials and service principles across multiple workspaces can become cumbersome as an organization’s workspaces grow to enterprise scale.
The public beta of variable sets provides a brand new way for you to manage variables, especially those being reused, within an organization. Organization owners or workspace managers can manage variable sets through the organization’s settings page. There, you can create collections of variables, known as variable sets, which can then be associated with one, several, or all of an organization’s workspaces. Variable sets can then be used, rotated, or even revoked at any time.
» Variable Sets Use Cases
As mentioned, variables extend far beyond credential management. Variables can manage anything from availability zones to more complex things, like populating frequently used module arguments containing Terraform-defined and environmental variables. This is where the magic comes in. Using variable sets, organizations can more easily solve issues such as:
- Disaster recovery: If an availability zone goes down or otherwise has issues, organizations can move entire fleets of infrastructure by switching the availability zone in a variable set.
- Cost optimization: Many organizations find they overspend on the infrastructure they use for non-production environments. Using variable sets, administrators can configure specific instance sizes which may be more cost effective to those development and pre-production environments.
- Tagging: Administrators can provide a new level of consistency to how tags are applied to provisioned infrastructure with variable sets’ broader management scope.
» Variable Precedence
As you start to use variable sets, it’s important to understand variable precedence — the order in which variables and variable sets are applied to workspaces. Variable sets have their own level of precedence.
Variable sets applied across all workspaces have the lowest level of precedence. Then, a variable set assigned to a specific workspace (or specific workspaces) can supersede an organization-wide variable set. Lastly, single variables defined within an individual workspace will override any variables defined through a variable set. A workspace's variables pane (example below) provides additional context regarding whether a variable has been overwritten due to the established precedence.
» API Management of Variable Sets
There is also a new API service to manage variable sets. You can use this service to manage each aspect of the variable sets feature. Here is a sample payload to create a variable set, containing a single variable, which is applied across all workspaces in the organization:
{
"data": {
"type": "varsets",
"attributes": {
"name": "Azure Location - Default",
"description": "Azure location to deploy workloads by default.",
"is-global": true
},
"relationships": {
"workspaces": {
"data": [
{
"id": "TPMM-Org",
"type": "organizations"
}
]
},
"vars": {
"data": [
{
"type": "vars",
"attributes": {
"key": "location",
"value": "useast",
"category": "terraform"
}
}
]
}
}
}
}
» Get Started with Variable Sets
Variable sets are available to every tier of Terraform Cloud users. Documentation on variable sets is available here: Managing Variables in Terraform Cloud. The TFE provider will be updated in a future release to add support for variable sets. Feedback is greatly appreciated and can be given through the in-product link titled “Give feedback on variable sets” which is located on the variable sets pane or on the following HashiCorp Discuss post: Terraform Cloud Release: Variable Sets Public Beta .
Terraform Cloud is free to try, and organizations can upgrade to the Team & Governance or Business tiers at any time. To get started with Terraform Cloud, sign up and follow our Get Started with Terraform Cloud tutorial. To get started with variable sets, follow our new HashiCorp Learn guide: Manage Variable Sets in Terraform Cloud.
Sign up for the latest HashiCorp news
More blog posts like this one
New Terraform integrations with Crowdstrike, Datadog, JFrog, Red Hat, and more
12 new Terraform integrations from 9 partners provide more options to automate and secure cloud infrastructure management.
Terraform delivers launch-day support for Amazon S3 Tables, EKS Hybrid Nodes, and more at re:Invent
The Terraform provider for AWS now enables users to manage a variety of new services just announced at re:Invent.
HashiCorp at re:Invent 2024: Infrastructure Lifecycle Management with AWS
A recap of HashiCorp infrastructure news and developments on AWS from the past year, from a new provider launch to simplifying infrastructure provisioning and more.