Manages variable groups within Azure DevOps.
resource "azuredevops_project" "example" {
name = "Example Project"
work_item_template = "Agile"
version_control = "Git"
visibility = "private"
description = "Managed by Terraform"
}
resource "azuredevops_variable_group" "example" {
project_id = azuredevops_project.example.id
name = "Example Variable Group"
description = "Example Variable Group Description"
allow_access = true
variable {
name = "key1"
value = "val1"
}
variable {
name = "key2"
secret_value = "val2"
is_secret = true
}
}
resource "azuredevops_project" "example" {
name = "Example Project"
work_item_template = "Agile"
version_control = "Git"
visibility = "private"
description = "Managed by Terraform"
}
resource "azuredevops_serviceendpoint_azurerm" "example" {
project_id = azuredevops_project.example.id
service_endpoint_name = "Example AzureRM"
description = "Managed by Terraform"
credentials {
serviceprincipalid = "00000000-0000-0000-0000-000000000000"
serviceprincipalkey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
azurerm_spn_tenantid = "00000000-0000-0000-0000-000000000000"
azurerm_subscription_id = "00000000-0000-0000-0000-000000000000"
azurerm_subscription_name = "Example Subscription Name"
}
resource "azuredevops_variable_group" "example" {
project_id = azuredevops_project.example.id
name = "Example Variable Group"
description = "Example Variable Group Description"
allow_access = true
key_vault {
name = "example-kv"
service_endpoint_id = azuredevops_serviceendpoint_azurerm.example.id
}
variable {
name = "key1"
}
variable {
name = "key2"
}
}
The following arguments are supported:
project_id
- (Required) The ID of the project.name
- (Required) The name of the Variable Group.description
- (Optional) The description of the Variable Group.allow_access
- (Required) Boolean that indicate if this variable group is shared by all pipelines of this project.variable
- (Optional) One or more variable
blocks as documented below.key_vault
-(Optional) A list of key_vault
blocks as documented below.A variable
block supports the following:
name
- (Required) The key value used for the variable. Must be unique within the Variable Group.value
- (Optional) The value of the variable. If omitted, it will default to empty string.secret_value
- (Optional) The secret value of the variable. If omitted, it will default to empty string. Used when is_secret
set to true
.is_secret
- (Optional) A boolean flag describing if the variable value is sensitive. Defaults to false
.A key_vault
block supports the following:
name
- The name of the Azure key vault to link secrets from as variables.service_endpoint_id
- The id of the Azure subscription endpoint to access the key vault.search_depth
- Set the Azure Key Vault Secret search depth. Defaults to 20
. In addition to all arguments above, the following attributes are exported:
id
- The ID of the Variable Group returned after creation in Azure DevOps.Variable groups containing secret values cannot be imported.
Azure DevOps Variable groups can be imported using the project name/variable group ID or by the project Guid/variable group ID, e.g.
terraform import azuredevops_variable_group.example "Example Project/10"
or
terraform import azuredevops_variable_group.example 00000000-0000-0000-0000-000000000000/0
_Note that for secret variables, the import command retrieve blank value in the tfstate._