Pass Terraform provider variables as secrets

Provider blocks in Terraform often need values of their own. Let's take the code block below as an example. The azuredevops provider needs some variables in order to deploy successfully, and we need to pass those values as secrets because they contain sensitive information.

    terraform {
      required_providers {
        azuredevops = {
          source  = "microsoft/azuredevops"
          version = ">=1.0.0"
        }
      }
    }

    # Hardcoded values: this is the pattern to avoid.
    provider "azuredevops" {
      org_service_url       = "URL"
      personal_access_token = "TOKEN"
    }

We should never hardcode such information, as it may get leaked. To pass these values as secrets, we need to create a variable group or standalone variables and place the secrets there.

Then we need to create some Terraform variables and pass their values in through the pipeline.

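    variable "org_service_url" {
      description = "The URL of your Azure DevOps organization."
      sensitive   = true # redacted in plan and apply output
    }

    variable "personal_access_token" {
      description = "The personal access token for authentication."
      sensitive   = true # redacted in plan and apply output
    }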

The provider block should be updated accordingly.

    provider "azuredevops" {
      org_service_url       = var.org_service_url
      personal_access_token = var.personal_access_token
    }

Finally, we pass those values in the pipeline step by supplying them to Terraform with the -var argument.

    - task: TerraformTaskV4@4
      displayName: terraform apply
      inputs:
        provider: 'azurerm'
        command: 'apply'
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/iac_devops'
        # URL and PAT are the secret pipeline variables created earlier
        commandOptions: '-var="org_service_url=$(URL)" -var="personal_access_token=$(PAT)"'
        environmentServiceNameAzureRM: 'SUBSCRIPTION'

Finally the pipeline will succeed.
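
A pre-merge check for the pattern above, as an added example (not code from the original post): it flags provider attributes set to a literal instead of `var.<name>`, and referenced variables that lack `sensitive = true`. The attribute list, the sample inputs and the assumption that files are `terraform fmt`-formatted (closing brace in column 0) belong to this example.

```python
import re

# Provider attributes the post treats as secrets (assumed list for this example).
SECRET_ATTRS = {"org_service_url", "personal_access_token"}
# Top-level blocks as `terraform fmt` writes them: closing brace in column 0.
BLOCK_RE = re.compile(r'^(provider|variable)[ \t]+"([^"]+)"[ \t]*\{(.*?)^\}', re.S | re.M)
ATTR_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$', re.M)

def audit(tf_source):
    """Return findings for secret provider attributes in one .tf file's text."""
    blocks = BLOCK_RE.findall(tf_source)
    # Variables declared with sensitive = true are redacted in plan/apply output.
    sensitive_vars = {
        name for kind, name, body in blocks
        if kind == "variable" and dict(ATTR_RE.findall(body)).get("sensitive") == "true"
    }
    findings = []
    for kind, name, body in blocks:
        for attr, value in ATTR_RE.findall(body):
            if kind != "provider" or attr not in SECRET_ATTRS:
                continue
            ref = re.fullmatch(r"var\.(\w+)", value)
            if ref is None:
                findings.append(f"{name}.{attr}: literal value, use a variable")
            elif ref.group(1) not in sensitive_vars:
                findings.append(f"{name}.{attr}: variable '{ref.group(1)}' is not sensitive")
    return findings

# Constructed sample inputs; the URL and token are placeholders, not real values.
HARDCODED = '''
provider "azuredevops" {
  org_service_url       = "https://dev.azure.com/example-org"
  personal_access_token = "constructed-placeholder-token"
}
'''
VARIABLES = '''
variable "org_service_url" {
  sensitive   = true
}
variable "personal_access_token" {
}
provider "azuredevops" {
  org_service_url       = var.org_service_url
  personal_access_token = var.personal_access_token
}
'''
if __name__ == "__main__":
    print(audit(HARDCODED), audit(VARIABLES))
```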

The subscription is not registered to use namespace ‘Microsoft.ContainerService’.

When you deploy to Azure using Terraform, you may encounter the error below.

The subscription is not registered to use namespace ‘Microsoft.ContainerService’. See for how to register subscriptions.

To resolve the issue, open the Azure portal and, under your subscription, navigate to Resource Providers. Then search for the specific provider that is not registered (in my example it was ContainerService) and click Register.

After you click Register, you will see the provider go into the Registering state.

Finally the deployment will succeed after the above change.