tfe_variable

Creates, updates and destroys variables.

Example Usage

Basic usage for workspaces:

resource "tfe_organization" "test" {
  name  = "my-org-name"
  email = "admin@company.com"
}

resource "tfe_workspace" "test" {
  name         = "my-workspace-name"
  organization = tfe_organization.test.name
}

resource "tfe_variable" "test" {
  key          = "my_key_name"
  value        = "my_value_name"
  category     = "terraform"
  workspace_id = tfe_workspace.test.id
  description  = "a useful description"
}

Basic usage for variable sets:

resource "tfe_organization" "test" {
  name  = "my-org-name"
  email = "admin@company.com"
}

resource "tfe_variable_set" "test" {
  name         = "Test Varset"
  description  = "Some description."
  global       = false
  organization = tfe_organization.test.name
}

resource "tfe_variable" "test-a" {
  key             = "seperate_variable"
  value           = "my_value_name"
  category        = "terraform"
  description     = "a useful description"
  variable_set_id = tfe_variable_set.test.id
}

resource "tfe_variable" "test-b" {
  key             = "another_variable"
  value           = "my_value_name"
  category        = "env"
  description     = "an environment variable"
  variable_set_id = tfe_variable_set.test.id
}

Argument Reference

The following arguments are supported:

Attributes Reference

Using readable_value

While the value field may be referenced in other resources, for safety it is always treated as sensitive. This means that it will always be redacted from plan outputs, and any other resource attributes which depend on it will also be redacted.

The readable_value attribute is not sensitive, and will not be redacted; instead, it will be null if the variable is sensitive. This allows other resources to reference it, while keeping their plan outputs readable.

For example:

resource "tfe_variable" "sensitive_var" {
  key          = "sensitive_key"
  value        = "sensitive_value" // this will be redacted from plan outputs
  category     = "terraform"
  workspace_id = tfe_workspace.workspace.id
  sensitive    = true
}

resource "tfe_variable" "visible_var" {
  key          = "visible_key"
  value        = "visible_value" // this will be redacted from plan outputs
  category     = "terraform"
  workspace_id = tfe_workspace.workspace.id
  sensitive    = false
}

resource "tfe_workspace" "sensitive_workspace" {
  name = "workspace-${tfe_variable.sensitive_var.value}" // this will be redacted from plan outputs
  organization = "organization name"
}

resource "tfe_workspace" "visible_workspace" {
  name = "workspace-${tfe_variable.visible_var.readable_value}" // this will not be redacted from plan outputs
  organization = "organization name"
}

readable_value will be null if the variable is sensitive. readable_value may not be set explicitly in the resource configuration.

Import

Variables can be imported.

To import a variable that's part of a workspace, use <ORGANIZATION NAME>/<WORKSPACE NAME>/<VARIABLE ID> as the import ID. For example:

terraform import tfe_variable.test my-org-name/my-workspace-name/var-5rTwnSaRPogw6apb

To import a variable that's part of a variable set, use <ORGANIZATION NAME>/<VARIABLE SET ID>/<VARIABLE ID> as the import ID. For example:

terraform import tfe_variable.test my-org-name/varset-47qC3LmA47piVan7/var-5rTwnSaRPogw6apb