layout | page_title | description |
---|---|---|
tfe |
Provider: HCP Terraform and Terraform Enterprise |
Provision HCP Terraform or Terraform Enterprise - with Terraform! Management of organizations, workspaces, teams, variables, run triggers, policy sets, and more. Maintained by the HCP Terraform team at HashiCorp. |
This provider is used to interact with the many resources supported by HCP Terraform. As Terraform Enterprise is a self-hosted distribution of HCP Terraform, this provider supports both Cloud and Enterprise.
Use the navigation to the left to read about the available resources.
Since v0.24.0, this provider requires Terraform >= 0.12.
~> Important: For production use, you should constrain the acceptable provider versions via configuration, to ensure that new versions with breaking changes will not be automatically installed. For more information, see Versions.
This provider requires a HCP Terraform and Terraform Enterprise API token in order to manage resources.
To manage the full selection of resources, provide a user token from an account with appropriate permissions. This user should belong to the "owners" team of every organization you wish to manage. Alternatively, you can use an organization or team token instead of a user token, but it will limit which resources you can manage. Organization and team tokens cannot manage resources across multiple organizations, and organization tokens cannot manage certain resource types (like SSH keys). See the API token documentation for more details about access to specific resources.
There are several ways to provide the required token:
- Set the
token
argument in the provider configuration. You can set thetoken
argument in the provider configuration. Use an input variable for the token. - Set the
TFE_TOKEN
environment variable: The provider can read theTFE_TOKEN
environment variable and the token stored there to authenticate.
When configuring the input variable for either of these options, mark them as sensitive.
-> Note: If you are using this provider in HCP Terraform or Terraform
Enterprise, you will need to use one of the two options above, even if you're
using the remote
backend with remote operations and the
CLI-driven Run workflow.
If you are using this provider on your local command line without remote operations (i.e. only using HCP Terraform as a remote state backend), there are two more options available to you:
- Use
terraform login
to generate credentials: When using this provider with Terraform on your local command line, it can automatically discover the credentials generated byterraform login
. - Set a
credentials
block in your CLI config file (.terraformrc): See the CLI Configuration File documentation. If you used theTF_CLI_CONFIG_FILE
environment variable to specify a non-default location for .terraformrc, the provider will also use that location. Using acredentials_helper
block is not supported.
For production use, you should constrain the acceptable provider versions via
configuration, to ensure that new versions with breaking changes will not be
automatically installed by terraform init
in the future:
terraform {
required_providers {
tfe = {
version = "~> 0.55.0"
}
}
}
As this provider is still at version zero, you should constrain the acceptable provider versions on the minor version.
The above snippet using required_providers
is for Terraform 0.13+; if you are using Terraform version 0.12, you can constrain by adding the version constraint to the provider
block instead:
provider "tfe" {
version = "~> 0.53.0"
...
}
For more information on provider installation and constraining provider versions, see the Provider Requirements documentation.
provider "tfe" {
hostname = var.hostname # Optional, defaults to HCP Terraform `app.terraform.io`
token = var.token
version = "~> 0.53.0"
}
# Create an organization
resource "tfe_organization" "org" {
# ...
}
The following arguments are supported:
hostname
- (Optional) The HCP Terraform or Terraform Enterprise hostname to connect to. Defaults toapp.terraform.io
. Can be overridden by setting theTFE_HOSTNAME
environment variable.token
- (Optional) The token used to authenticate with HCP Terraform or Terraform Enterprise. See Authentication above for more information.ssl_skip_verify
- (Optional) Whether or not to skip certificate verifications. Defaults tofalse
. Can be overridden setting theTFE_SSL_SKIP_VERIFY
environment variable.organization
- (Optional) The default organization that resources should belong to. If provided, it's usually possible to omit resource-specificorganization
arguments. Ensure that the organization already exists prior to using this argument. This can also be specified using theTFE_ORGANIZATION
environment variable.