CLI with Terraform Cloud

rbracewe
rbracewe
Community Member
in CLI

When interacting with Terraform services, Terraform expects to find API tokens in CLI configuration files in credentials blocks, for example, a file named .terraformrc
credentials "app.terraform.io" {
token = "xxxxxx.yyyyyyy.zzzzzzzzzzzzz"
}

The above file .terraformrc would be referenced from an environment variable , for example,
❯ echo $TF_CLI_CONFIG_FILE
/Users/xxxxx/projects/terraform/.terraformrc

When I run a terraform plan I would like to pull the token from 1Password using the CLI if that's possible. It seems I could use op inject to potentially do the work but that essentially results in a config file with the hardcoded token.

Would this scenario be possible using the CLI?

Thanks

1Password Version: 8.7.0
Extension Version: 2.0.0
OS Version: macOS 12.3

Comments

  • Horia.Culea_1P
    Horia.Culea_1P

    Hey @rbracewe,

    Can you give us more details about your use-case, please?
    Specifically, would it be feasible for you to change the location of your Terraform token? I see that there is a possibility to provision Terraform with the token through an environment variable: TFE_TOKEN. In this situation, I imagine it would possible to set it to a 1Password secret reference and to prefix terraform plan with op run --, or even create an alias for terraform as op run -- terraform in your profile.
    Let me know if this solution can work for you.

    Best,
    Horia

  • rbracewe
    rbracewe
    Community Member

    I had already tried this approach and this is when I learnt that TFE_TOKEN is deprecated and cant be used.

    My use-case is to simply move static credentials from the filesystem into 1Password after reading the blog post about ways to use the 1Password CLI with tools like Github and SSH.

This discussion has been closed.