Using an Azure service principal in

Hi guys
I’m trying to use an azure service principal account in terraform, I have set the $env for each variable within my powershell profile script, as stated here: Authenticate Terraform to Azure | Microsoft Docs

I have my provider setup as such:

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
  subscription_id   = "${env.SUBSCRIPTION_ID}"
  tenant_id         = "${env.TENANT_ID}"
  client_id         = "${env.CLIENT_ID}"
  client_secret     = "${env.CLIENT_SECRET}"

However I’m receiving an error for each variable, like so:

│ Error: Reference to undeclared resource
│   on line 16, in provider "azurerm":
│   16:   client_secret     = "${env.CLIENT_SECRET}"
│ A managed resource "env" "CLIENT_SECRET" has not been declared in the root module.

if I run $env:ARM_CLIENT_SECRET, it will output the password, so the global variable is set, but for some reason Terraform cannot see it. If I hard code the attributes into the provider it seems to work. Am I missing another setting for terraform to be able to see the $env variables?

I hope I explained that correctly, thanks.


  1. You’re using the syntax ${env.NAME} and expecting Terraform to replace it with an environment variable of that name. The Microsoft docs even told you to do this… but as far as I know, they’re just making up a feature that doesn’t actually exist in Terraform!

  2. Your environment variables start with ARM_ but you’re leaving that off, so even if the first point wasn’t an issue, that would also break it.

  3. When you want to configure a Terraform provider using environment variables, you look in the documentation for that provider, and set the environment variable names it asks for - and do not write anything in the Terraform script. If the provider supports using environment variables for otherwise unset values, it will do so.

Try following this documentation instead:

1 Like

Thank you maxb, appreciate your response, I shall investigate.

all welcome fantastically, new rule: always refer to hashicorp’s doc