Terraformcloud~5 mins

Environment variables (TF_VAR_) in Terraform - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes you want to keep your settings secret or change them without editing files. Environment variables let you do this by storing values outside your code. Terraform uses special environment variables starting with TF_VAR_ to set input variables automatically.

When you want to keep sensitive data like passwords out of your Terraform files.

When you need to change variable values quickly without editing the Terraform configuration.

When running Terraform in automated scripts or pipelines where variables come from the environment.

When sharing Terraform code but want each user to provide their own settings.

When you want to avoid committing secrets to version control.

Config File - main.tf

main.tf

variable "region" {
  description = "The cloud region to deploy resources"
  type        = string
  default     = "us-east-1"
}

variable "instance_type" {
  description = "Type of the compute instance"
  type        = string
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = var.instance_type
  tags = {
    Name = "example-instance"
  }
}

This Terraform file defines two variables: region with a default value and instance_type which must be provided. It creates an AWS EC2 instance using the instance_type variable. By using environment variables starting with TF_VAR_, you can set instance_type without changing this file.

Commands

This command sets the environment variable TF_VAR_instance_type to t2.micro. Terraform will use this value for the instance_type variable when you run commands.

Terminal

export TF_VAR_instance_type=t2.micro

Expected OutputExpected

No output (command runs silently)

Initializes the Terraform working directory. It downloads necessary provider plugins and prepares the environment.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.0.0... - Installed hashicorp/aws v4.0.0 (signed by HashiCorp) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.

Shows what Terraform will do based on the current configuration and environment variables. It uses the instance_type value from the environment variable.

Terminal

terraform plan

Expected OutputExpected

Terraform used the selected providers to generate an execution plan. Plan: 1 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run. ───────────────────────────────────────────────────────────────────────────── Note: The exact output may vary depending on your Terraform version and provider. # aws_instance.example will be created + resource "aws_instance" "example" { + ami = "ami-0c55b159cbfafe1f0" + arn = (known after apply) + instance_type = "t2.micro" + tags = { + "Name" = "example-instance" } }

Applies the planned changes to create the resources. The -auto-approve flag skips the confirmation prompt.

Terminal

terraform apply -auto-approve

Expected OutputExpected

aws_instance.example: Creating... aws_instance.example: Still creating... [10s elapsed] aws_instance.example: Creation complete after 20s [id=i-0123456789abcdef0] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

→

-auto-approve - Automatically approve the apply step without asking for confirmation

Key Concept

If you name environment variables with TF_VAR_ followed by your variable name, Terraform automatically uses those values for your input variables.

Common Mistakes

Setting environment variables without the TF_VAR_ prefix

Terraform ignores environment variables that do not start with TF_VAR_, so your variables remain unset.

Always prefix your environment variable names with TF_VAR_ followed by the exact variable name.

Not exporting the environment variable before running Terraform commands

If the variable is not exported, Terraform cannot see it in the environment and will not use it.

Use the export command to set the environment variable in the current shell session.

Using environment variables for variables that have default values and expecting them to override

Terraform uses environment variables to override defaults, but if the variable is not referenced properly or the environment variable is missing, the default remains.

Ensure the environment variable is set correctly and matches the variable name exactly to override defaults.

Summary

Set environment variables with the TF_VAR_ prefix to provide input variables to Terraform without editing files.

Run terraform init to prepare your working directory before planning or applying.

Use terraform plan to see what changes will happen using your environment variable values.

Use terraform apply to create or update resources based on your plan.