Credentials & Environment Variables
Terracotta AI supports managing cloud provider credentials and environment variables on a per-repository basis. These settings enable Terraform operations that require runtime access to cloud APIs or execution context.
📦 Credentials
Terracotta requires cloud provider credentials only for commands that interact with live infrastructure:
✅ Required By
tc:plan: Runsterraform initandterraform planusing cloud credentials to resolve data sources, validate remote backends, and generate accurate plans.tc:drift: Compares Terraform code and state against live cloud infrastructure to detect drift caused by manual changes or out-of-band tools.
🚫 Not Required By
tc:review,tc:guard,tc:conflict,tc:cost
These commands rely solely on static analysis and do not require access to cloud provider APIs.
🔧 How to Add Credentials
- Navigate to the Credentials & Environment tab for the repository.
- Click + New Credential.
- Select your cloud provider (e.g., AWS, GCP, Azure).
- Enter the required access credentials (e.g., access key & secret, or a service account JSON). To setup secure credentials for your AWS provider, see AWS Setup Guide
- Save. Credentials are now available to
tc:planandtc:drift.
Credentials are encrypted at rest and scoped to the specific repository.
Coming Soon: Support for dynamic credential injection from external sources such as IAM roles, HashiCorp Vault, or CI/CD secrets.
🌐 Environment Variables
Environment variables allow you to inject runtime context into Terraform executions—similar to a .env file or shell-based environment in CI/CD.
🧩 Common Use Cases
TF_VAR_*variables for module inputs- Cloud settings like
AWS_REGION,GOOGLE_PROJECT,ARM_SUBSCRIPTION_ID - Auth tokens, backend configs, or runtime flags
🧪 When They’re Used
Environment variables are injected during:
tc:plan: Terraform needs valid environment inputs to evaluate the plantc:drift: Ensures correct runtime context when querying cloud resources
Environment variables are optional, but recommended if your Terraform relies on runtime configuration.
➕ Adding Environment Variables
To manage environment variables:
- Click + Add to define name-value pairs manually.
- Use Import from ENV to bulk import values from your local environment.
🔍 Summary
| Command | Requires Credentials | Uses Environment Variables |
|---|---|---|
tc:review | No | Optional |
tc:plan | ✅ Yes | ✅ Yes |
tc:drift | ✅ Yes | ✅ Yes |
tc:guard | No | Optional |
tc:conflict | No | No |
tc:cost | No | Optional |
Updated 4 days ago