HashiCorp Terraform Cloud is now introducing a new reusable component in public beta: variable sets. Variable sets allow Terraform Cloud users to reuse both Terraform-defined and environment variables not just from root to child modules, but across certain workspaces or an entire organization. The most obvious use case is credential management, but variables can also manage anything: the size of an instance, availability zones, tags, the type of plan you’re deploying on a hosted service — even the artists on a Spotify playlist.

Reuse Variables Across Multiple Workspaces

One of the most common use cases for variable sets is credential and identity management. Regardless of the service being consumed, there is almost always a need to establish how Terraform should authenticate it, and as who. The process of creating and defining credentials and service principles across multiple workspaces can become cumbersome as an organization’s workspaces grow to enterprise scale.

The public beta of variable sets provides a brand new way for you to manage variables, especially those being reused, within an organization. Organization owners or workspace managers can manage variable sets through the organization’s settings page. There, you can create collections of variables, known as variable sets, which can then be associated with one, several, or all of an organization’s workspaces. Variable sets can then be used, rotated, or even revoked at any time.

Terraform Cloud UI - Organization Settings - Variable Sets Beta

Variable Sets Use Cases

As mentioned, variables extend far beyond credential management. Variables can manage anything from availability zones to more complex things, like populating frequently used module arguments containing Terraform-defined and environmental variables. This is where the magic comes in. Using variable sets, organizations can more easily solve issues such as:

  • Disaster recovery: If an availability zone goes down or otherwise has issues, organizations can move entire fleets of infrastructure by switching the availability zone in a variable set.
  • Cost optimization: Many organizations find they overspend on the infrastructure they use for non-production environments. Using variable sets, administrators can configure specific instance sizes which may be more cost effective to those development and pre-production environments.
  • Tagging: Administrators can provide a new level of consistency to how tags are applied to provisioned infrastructure with variable sets’ broader management scope.

Terraform Cloud UI - Workspace Settings - Variable Sets Beta

Variable Precedence

As you start to use variable sets, it’s important to understand variable precedence — the order in which variables and variable sets are applied to workspaces. Variable sets have their own level of precedence.

Variable sets applied across all workspaces have the lowest level of precedence. Then, a variable set assigned to a specific workspace (or specific workspaces) can supersede an organization-wide variable set. Lastly, single variables defined within an individual workspace will override any variables defined through a variable set. A workspace’s variables pane (example below) provides additional context regarding whether a variable has been overwritten due to the established precedence.

Terraform Cloud UI - Workspace Settings - Variable Sets Precedence

API Management of Variable Sets

There is also a new API service to manage variable sets. You can use this service to manage each aspect of the variable sets feature. Here is a sample payload to create a variable set, containing a single variable, which is applied across all workspaces in the organization:

{
  "data": {
    "type": "varsets",
    "attributes": {
        "name": "Azure Location - Default",
        "description": "Azure location to deploy workloads by default.",
        "is-global": true
    },
    "relationships": {
      "workspaces": {
        "data": [
          {
            "id": "TPMM-Org",
            "type": "organizations"
          }
        ]
      },
      "vars": {
        "data": [
          {
            "type": "vars",
            "attributes": {
              "key": "location",
              "value": "useast",
              "category": "terraform"
            }
          }
        ]
      }
    }
  }
}

Get Started with Variable Sets

Variable sets are available to every tier of Terraform Cloud users. Documentation on variable sets is available here: Managing Variables in Terraform Cloud. Feedback is greatly appreciated and can be given on the following HashiCorp Discuss post: Terraform Cloud Release: Variable Sets Public Beta.