Secrets

GitHub Secrets can be used to store sensitive information. They are translated into environment variables in the Terrateam GitHub Action runtime environment. These environment variables may be referenced in your Terraform code.

TF_VAR Environment variables

Secrets that start with TF_VAR_ are treated specially by Terrateam.

GitHub Secrets are always uppercase, however by convention Terraform variables are lowercase. Terrateam automatically finds all secrets that start with TF_VAR_ and creates a new environment variable that has the lowercase name. If the lowercase name exists, no action is taken. The uppercase environment variable is left unchanged. For example, the secret TF_VAR_LOGIN_TOKEN will create a new environment variable called TF_VAR_login_token.

Prerequisites

These instructions require you to run commands from a terminal.

GitHub CLI

Create a new secret

Export your Terraform organization/repo combination as an environment variable.

export REPO="OWNER/REPO"

Create a new repository secret

gh secret --repo "$REPO" set SECRET_NAME

Navigate to the main page of your Terraform repository on GitHub
Select Settings

GitHub Settings Tab

In the left sidebar, select Secrets → Actions

GitHub Secrets Actions

Select New repository secret

GitHub Actions Secrets New Repository Secret

Add your new secret

GitHub Actions Add Secret

Welcome

Cloud Provider Setup

Using Terrateam

Features

Recipes

Migrating

Tutorials

Configuration as Code

Self-Hosted

Company