Secrets

GitHub Secrets (opens in a new tab) can be used to store sensitive information. They are translated into environment variables in the Terrateam GitHub Action runtime environment. These environment variables may be referenced in your Terraform code.

Your secrets never touch our servers outside of Terraform plan files.

TF_VAR Environment variables

Secrets that start with TF_VAR_ are treated specially by Terrateam.

GitHub Secrets are always uppercase, however by convention Terraform variables are lowercase. Terrateam automatically finds all secrets that start with TF_VAR_ and creates a new environment variable that has the lowercase name. If the lowercase name exists, no action is taken. The uppercase environment variable is left unchanged. For example, the secret TF_VAR_LOGIN_TOKEN will create a new environment variable called TF_VAR_login_token.

Creating Secrets

Prerequisites

These instructions require you to run commands from a terminal.

GitHub CLI (opens in a new tab)

Create a new secret

Export your Terraform organization/repo combination as an environment variable.

For example:

export REPO="OWNER/REPO"

Create a new repository secret

gh secret --repo "$REPO" set SECRET_NAME

Multiple Environments with Tfvars Terraform Cloud Remote Backend