You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Digger supports per-project Variables that are made available as environment variables to terraform / opentofu at runtime.
6
+
Variables are stored on the backend and passed to the job via the Job Spec.
7
+
8
+
You can manage variables in the TFVars tab of every project.
9
+
10
+
There are 2 types of variables: Plain Text and Secret.
11
+
12
+
# Plain Text variables
13
+
14
+
They are stored on the backend as-is and are not secured in any special way beyond standard transport and at-rest encryption in the infrastructure. Plain Text variable should only be used for non-sensitive data, like configuration parameters that differ across environments.
15
+
16
+
# Secret variables
17
+
18
+
These variables are stored in the database encrypted with your organisation's Secret Key. It's an RSA public key that you can create in Organisation Settings. You will not be able to create Secret Variables until you have created your Secret Key as follows:
19
+
20
+
1. Go to your Organisation Settings and click Create Secrets Key
21
+
2. Copy the private key and save it in your GitHub Actions as an org-level secret named `DIGGER_PRIVATE_KEY`
22
+
23
+
<Note>
24
+
The key pair is generated in the front-end, and only shown once. At no point
25
+
the private key is saved or accessed by Digger services. If you lose your
26
+
private key, you will also lose ability to decrypt your secrets created using
27
+
that key - so you will need to re-create all your secrets in all projects.
28
+
</Note>
29
+
30
+
# `TF_VAR_` prefix
31
+
32
+
By default all variables are exposed as environment variables. You can make them available to Terraform as [Input Variables](https://developer.hashicorp.com/terraform/language/values/variables) by prefixing their name with `TF_VAR_`.
0 commit comments