Many times you need to provide values in provider information when using terraform. Lets take as an example the below code block. The azuredevops provider needs some variables in order to deploy successfully and we need to pass those values as secrets because they contain sensitive information.
terraform {
required_providers {
azuredevops = {
source = "microsoft/azuredevops"
version = ">=1.0.0"
}
}
}
provider "azuredevops" {
org_service_url = URL
personal_access_token = TOKEN
}
We should never hardcode such information in the application as this information may get leaked. In order to pass those as secrets we will need to create a variable group or standalone variables and place the secrets there.
Then we will need to create some terraform variables and pass the values for those through the pipeline.
variable "org_service_url" {
description = "The URL of your Azure DevOps organization."
}
variable "personal_access_token" {
description = "The personal access token for authentication."
}
The provider block should be updated accordingly.
provider "azuredevops" {
org_service_url = var.org_service_url
personal_access_token = var.personal_access_token
}
Finally we pass those values through the pipeline step by providing those with -var argument on terraform.
- task: TerraformTaskV4@4
displayName: terraform apply
inputs:
provider: 'azurerm'
command: 'apply'
workingDirectory: '$(System.DefaultWorkingDirectory)/src/iac_devops'
commandOptions: '-var="org_service_url=$(URL)" -var="personal_access_token=$(PAT)"'
environmentServiceNameAzureRM: 'SUBSCRIPTION'
Finally the pipeline will succeed.
