Provides a resource to manage a pipeline's config vars.
The pipeline config var API can only retrieve config vars that can be set at the pipeline level. Additionally, these two supported pipeline stages are:
The development, staging & production stages do not have stage-level config vars, only those on the apps within each stage.
# Create a Heroku pipeline
resource "heroku_pipeline" "test-pipeline" {
name = "test-app"
}
resource "heroku_pipeline_config_var" "configs" {
pipeline_id = heroku_pipeline.test-pipeline.id
pipeline_stage = "test"
vars = {
ENV = "test"
TARGET = "develop"
}
sensitive_vars = {
TEST_ACCESS_TOKEN = "some_access token"
}
}
The following arguments are supported:
pipeline_id
- (Required) The UUID of an existing pipeline.pipeline_stage
- (Required) The pipeline's stage. Supported values are test
& review
.vars
- Map of config vars that can be output in plaintext.sensitive_vars
- This is the same as vars
. The main difference between the two attributes is sensitive_vars
outputs
are redacted on-screen and replaced by a <sensitive>
placeholder, following a terraform plan
or apply
.
It is recommended to put private keys, passwords, etc in this argument.The following attributes are exported:
all_vars
- All vars of a pipeline stage. This is marked sensitive
so that sensitive_vars
do not leak in the console/logs.This resource defines two config var attributes with one of them used for masking any sensitive/secret variables
during a terraform plan|apply
in a CI build, terminal, etc. This 'sensitive' distinction for config vars is unique to
this provider and not a built-in feature of the Heroku Platform API. Therefore, it will not be possible to import
this resource.
However, it is safe to define the resource in your configuration file and execute a terraform apply
as the end result is noop
when the config vars already exist on the remote resource.