I configured the Terraform Cloud secret engine following the doc:
vault secrets enable terraform
vault write terraform/config token=tf-token
vault write terraform/role/lh team_id="my-team-id"
I’m getting an error on the last command:
Error writing data to terraform/role/lh: Error making API request.
URL: PUT https://192.168.0.5:8200/v1/terraform/role/lh
Code: 500. Errors:
* 1 error occurred:
* error creating Terraform token: unauthorized
I am using a team that has owner permissions. Not sure what the deal is!
If I use user_id, it works. What's the way to configure for team tokens? I also tried with curl, the same thing:
curl --request POST --header "X-Vault-Token: $VAULT_TOKEN" --data @payload.json -k $VAULT_ADDR/v1/terraform/role/tf-user
cat payload.json
{
  "team_id": "team-id-from-ui",
  "ttl": "1h",
  "max_ttl": "24h"
}