Variable Management in Terraform Cloud
Any developer can tell you that when building an application, script, or any code-based object, variables are a critical component. The same is true with any Terraform configuration. From creating modularity and reusability to simply ensuring sensitive information isn’t stored in publicly-accessible repositories, variables are a simple way to make your code more flexible, secure, and readable. But those same developers can also tell you that managing variables in highly complex code can be a real chore!
» Managing Variables in Terraform Cloud
Terraform Cloud provides a robust system for managing your variables. Whether you want to manage them directly from a Terraform configuration or consume or control them via the UI, HashiCorp has you covered. And with our recent addition of variable descriptions in the UI and a facelift to the variable management page, we’d like to share some more about variables with you.
When working with Terraform Cloud, your runs are executed within a particular workspace. These workspaces are isolated from one another, each containing their own state file, access permissions, configurations, and yes, variables.
Because the workspace performs your runs in isolation, you can define two types of variables. Terraform variables are used by the configurations you apply and might normally be stored in a vars.tf
or terraform.tfvars
file in your repository, if you were using the Terraform CLI. Environment variables are those which you’d store in your system environment using export
or set
commands, depending on your operating system. Both types of variables set values that can be consumed by your configuration when a run happens.
» Workspace Variables in the UI
Managing variables in the Terraform Cloud UI is done by opening your workspace, then visiting the Variables pane. Here you can define both types of variables, as well as control how they are displayed and used throughout the workspace.
You may notice that some of these variables are marked with a Sensitive label. This means that the value is only visible when you first enter it on creation; after that, the value is marked as write-only. It can be changed, but not viewed by a UI user.
Another new label you’ll notice in the UI is HCL. This denotes a variable that contains not simple text, but rather HCL code that can be interpolated and processed as more than a string value. These variables now display in a fixed-width font for easy readability, and if you use the new pop-up variable actions menu to edit one you can see how it’s defined.
In this view, you can see how we have defined this simple map of AMI values as an HCL variable. We’ve also defined a description to make it clear to other users of the workspace what the intended purpose of this particular variable is, making it easier for your teammates to understand how a workspace is configured.
It’s also possible to manage your Terraform Cloud variables using the Terraform Enterprise Provider, which can be a simpler way to deal with large quantities of variables at once, or manage them programmatically. For more information on using the Terraform Enterprise Provider to manage variables, check out the documentation here.
» Getting Started
If you’d like to learn more about using variables within Terraform Cloud, you can sign up for a free account, head over to our documentation for more details, or visit the HashiCorp Learn platform and see Terraform in action today!
Sign up for the latest HashiCorp news
More blog posts like this one
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Speed up app delivery with automated cancellation of plan-only Terraform runs
Automatic cancellation of plan-only runs allows customers to easily cancel any unfinished runs for outdated commits to speed up application delivery.