I have my terraform project and there is a config file
which read the config file value in terraform project
azure key vault is sensitive value don’t want to store plain text and want to use environment variable
but find it really hard to use environment variable in terraform
Attempted Solutions
try refer to environment variable, doesn’t working
the azure secret value is exactly “${TEST}” rather than the environment variable
try export environment variable TF_VAR_TEST=abc
in the config file
secretValue: “${var.TEST}”
secretValue: var.TEST
in azure
seems terraform interrupt secretValue: var.TEST as value when set to the .tf file rather than expression and get value from environment variable
Right now you’re just making up syntax that doesn’t exist. There is no substitution of values applied to a file you load with yamldecode(file(...)).
If you want to use environment variables to populate Terraform input variables, you will need to explicitly declare those input variables, set your TF_VAR_ prefixed environment variables, and explicitly reference their values in .tf code - not via a YAML file.
This is a community help forum - the vast majority of people here, including myself, are not HashiCorp employees, so can only speculate about future product direction.
I do, however, think it’s pretty unlikely that the feature would ever be implemented in quite the way you have suggested here, as it blurs the lines of YAML parsing and Terraform expression language in a way which would be particularly complex to rigorously define.
It is possible some other way to pull arbitrary environment variables into Terraform configurations might be added … or it might be seen as an intentional design property that all variables being fed into the configuration are intended to be declared. I’m not sure.