[SOLVED] Environment variables are not exported in Terraform Cloud

I use environment variables in Terraform Cloud to store sensitive information, and when I try to use them, it looks like Terraform Cloud is not exporting them.

This is how I saved them in my workspace:

This is what the contents of my repository looks like:

This is how the contents of the * .tf files look like:


terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
      version = "2.14.0"

provider "cloudflare" {
  email = var.cloudflare_email
  api_key = var.cloudflare_api_key

resource "cloudflare_zone" "example" {
  zone = "example3.com"
  plan = "free"


variable "cloudflare_email" {
  type = string

variable "cloudflare_api_key" {
  type = string

This is the result I get:

Could anyone please tell me what I’m doing wrong?

H’m. I don’t have much experience with Terraform Cloud (yet), but it looks like you doing everything correctly. I don’t suppose it’s something silly like needing to prefix your environment variable names with TF_VAR_, is it? I don’t know whether that behaviour has carried over to TF Cloud, or whether it just matters for local execution; many of the TF Cloud examples I’ve seen don’t follow that prefix naming convention, for example.

@jlj7 I didn’t said, but I tried to use the prefix TF_VAR_ in different ways, but with no success:

Ah, so even when you just changed the names of the environment variables in TF Cloud to TF_VAR_cloudflare_email, etc., and left your actual TF code the same as you originally posted, it didn’t work?

Which version of Terraform are you using? I believe it will need to be fairly recent – 0.12.18 or greater, according to this post – for it to work without using interpolation syntax (i.e., with dollar signs and curly braces).

1 Like

Hmm, this is what I have not tried to do, I have tried various options with variable names in the files themselves. I assumed that Terraform Cloud itself adds the necessary prefixes to the variable names that are specified in its backend, in addition, there are no warnings in the backend about this :man_shrugging: But I will try and write about the result.

At the same time, it seems to me that this looks like a bug, either it is a bug in some procedure, or it is a bug with sensitive variables, perhaps they are not exported, I will check this too.

I use Terraform v0.14.3, this is the latest version at the moment:

Actually, that’s a good point. Yes, likely that’s exactly what happens or should happen. Very strange, your experience with this.

@jlj7 you are a genius! :+1:

You were absolutely right, just look at this:

I think product managers need to take a closer look at this point and at least add a simple warning in the section with environment variables, I think this might help others like me)

@jlj7 I can’t find how to mark your post as an answer, is there such a possibility here?

1 Like

Absolutely. +1 from me. [Edit: particularly because, as I said, I’m sure I’ve seen tutorials that don’t do this. I was honestly reaching, when I suggested it.]

I don’t think so, but I’m surprised (and happy!) to have been of help! :slight_smile:

1 Like

Hi i have encountered that error and I just work it around by adding a default value. take a look

variable "account" {
   description = "AWS Account ID. Default will be AWS Dev account"
   default     = "0099911133322222"

@aleon1220 it is a bad idea to store API keys / tokens in the configuration, my question was exactly about this and, it has been successfully solved for a long time, you can find the solution above.