Using an Azure service principal in main.tf

Hi guys
I’m trying to use an Azure service principal account in Terraform. I have set the $env for each variable within my PowerShell profile script, as stated here: Authenticate Terraform to Azure | Microsoft Docs

I have my provider set up as such:

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
  subscription_id   = "${env.SUBSCRIPTION_ID}"
  tenant_id         = "${env.TENANT_ID}"
  client_id         = "${env.CLIENT_ID}"
  client_secret     = "${env.CLIENT_SECRET}"
}

However I’m receiving an error for each variable, like so:

│ Error: Reference to undeclared resource
│
│   on main.tf line 16, in provider "azurerm":
│   16:   client_secret     = "${env.CLIENT_SECRET}"
│
│ A managed resource "env" "CLIENT_SECRET" has not been declared in the root module.

If I run $env:ARM_CLIENT_SECRET, it will output the password, so the global variable is set, but for some reason Terraform cannot see it. If I hard-code the attributes into the provider it seems to work. Am I missing another setting for Terraform to be able to see the $env variables?

I hope I explained that correctly, thanks.

Hi,

  1. You’re using the syntax ${env.NAME} and expecting Terraform to replace it with an environment variable of that name. The Microsoft docs even told you to do this… but as far as I know, they’re just making up a feature that doesn’t actually exist in Terraform!

  2. Your environment variables start with ARM_ but you’re leaving that off, so even if the first point wasn’t an issue, that would also break it.

  3. When you want to configure a Terraform provider using environment variables, you look in the documentation for that provider, and set the environment variable names it asks for - and do not write anything in the Terraform script. If the provider supports using environment variables for otherwise unset values, it will do so.

Try following this documentation instead: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret

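The setup the answer above describes, as an added example that is not part of the original thread: the credentials live only in `ARM_*` environment variables, which the azurerm provider reads on its own, and the provider block carries no credential arguments. The GUIDs are placeholders, and the scan for `client_secret` in `.tf` files is an extra check added here.

```powershell
# Added example. All GUID values below are placeholders, not real identifiers.
# The azurerm provider looks up these ARM_* names itself; nothing in main.tf
# has to reference them.
$env:ARM_CLIENT_ID       = '00000000-0000-0000-0000-000000000000'
$env:ARM_TENANT_ID       = '11111111-1111-1111-1111-111111111111'
$env:ARM_SUBSCRIPTION_ID = '22222222-2222-2222-2222-222222222222'

# Prompt for the secret so it is not stored in the profile script or in
# shell history, then expose it to child processes for this session only.
$secure = Read-Host -Prompt 'Service principal client secret' -AsSecureString
$env:ARM_CLIENT_SECRET = [System.Net.NetworkCredential]::new('', $secure).Password

# Pre-flight: confirm every variable is set, without printing any value.
$required = 'ARM_CLIENT_ID', 'ARM_CLIENT_SECRET', 'ARM_TENANT_ID', 'ARM_SUBSCRIPTION_ID'
$missing  = $required | Where-Object {
    [string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($_))
}
if ($missing) {
    throw "Missing environment variables: $($missing -join ', ')"
}

# Pre-flight: flag any .tf file that still assigns client_secret directly,
# since a hard-coded secret ends up in version control.
$hardcoded = Get-ChildItem -Path . -Filter '*.tf' -File |
    Select-String -Pattern '^\s*client_secret\s*='
if ($hardcoded) {
    $hardcoded | ForEach-Object { Write-Warning "$($_.Path):$($_.LineNumber) sets client_secret" }
    throw 'Remove client_secret from the Terraform configuration before continuing.'
}

# With the variables set, main.tf only needs:
#
#   provider "azurerm" {
#     features {}
#   }
#
terraform init
terraform plan
```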

Thank you maxb, appreciate your response, I shall investigate.

All welcome fantastically, new rule: always refer to HashiCorp’s doc