Not able to Parse environment variable through CLI on terraform

terraform.tfvar

certconfig = {

"cert1" = {

name = "validcert3"

certificatename = {

"app1" = {

contents = "C:/Users/adminuser/Desktop/Appgateway_stg_https/modules/az_keyvault_appgw_policy/certificate/certificate.pfx"

# password = "Plants@12345"

}

}

},

"cert2" = {

name = "validcert4"

certificatename = {

"app2" = {

contents = "C:/Users/adminuser/Desktop/Appgateway_stg_https/modules/az_keyvault_appgw_policy/certificate/certificate2.pfx"

# password = "Plants@12345"

}

}

variables.tf

variable "appgw_pid" {

type = any

default = ""

}

variable "appgw_key_perm" {

type = string

default = ""

}

variable "appgw_cert_perm" {

type = list(string)

default = [""]

}

variable "appgw_secret_perm" {

type = string

default = ""

}

variable "appgw_storage_perm" {

type = string

default = ""

}

variable "tenant_id" {

type = any

default = ""

}

variable "keyvault_id" {

type = any

default = ""

}

# variable "password" {

# default = ""

# type = string

# sensitive = true

# }

variable "certconfig" {

type = map(object({

name = string

# key_vault_id = any

certificate = optional(bool,true)

certificatename = optional(map(object({

contents = any

password = optional(any, null)

})))

}))

}

I want to parse it the password through environment variable like this:

$env:TF_VAR_certconfig_cert2_certificatename_app2 = '{"password":"Plants@12345"}'

but not able to read the password.plz help

Show quoted text

Hi @SAURAVPADHY,

Your configuration does not declare any variable named certconfig_cert2_certificatename_app2, so the environment variable name you set will be totally ignored by Terraform. You can only use environment variables to set input variable names that are directly declared in your root module.

If your intention was to set certconfig then the correct environment variable name to use is TF_VAR_certconfig, and you will need to provide the entire value for that variable in the environment variable.

If you only want to set the passwords in the environment variable but have everything else set in a different way then you will need to declare a separate input variable for the passwords and then merge the two structures using expressions inside your module. This also has the advantage that you can declare the separate variable as sensitive so Terraform will know that it should not include values derived from it anywhere in the UI:

variable "certconfig_passwords" {
  type = map(string)

  sensitive = true
}