You can store the environment variables for your Azure credentials in the Windows profile of the machine you run Terraform from. This avoids the need to store sensitive values in your Terraform code. The first step is to create new environment variables under Windows; in this example I'm using Windows 10 Enterprise.
The important thing here is how you name the variables. Terraform looks inside the Windows profile for variables with the prefix "TF_VAR_", and the suffix must exactly match the name Terraform is expecting. For example, Azure Active Directory calls the service principal's identifier an "Application ID"; Terraform does not understand this, as it's looking for "client_id".
| Azure Value | Terraform Expects | Windows Variable String |
|---|---|---|
| Application ID | client_id | TF_VAR_client_id |
| Client Secret | client_secret | TF_VAR_client_secret |
| Tenant ID | tenant_id | TF_VAR_tenant_id |
| Subscription ID | subscription_id | TF_VAR_subscription_id |
Use the following Azure CLI command to authenticate to Azure using the variables:
az login --service-principal -u %TF_VAR_client_id% -p %TF_VAR_client_secret% -t %TF_VAR_tenant_id%
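
The Terraform side of the mapping in the table above, as an added example that is not part of the original post: Terraform only copies a `TF_VAR_<name>` environment variable into an input variable that is declared with exactly that `<name>`, so the configuration needs the four declarations below. The variable names come from the table; the `azurerm` provider block and the `sensitive` flag (Terraform 0.14 or later) are assumptions about how the values are consumed.

```hcl
# Added example, not from the original post.
# Each TF_VAR_<name> environment variable fills the input variable declared
# as "<name>". A suffix that does not match a declaration is never used.

variable "client_id" {
  type        = string
  description = "Service principal Application ID, read from TF_VAR_client_id"
}

variable "client_secret" {
  type        = string
  description = "Service principal Client Secret, read from TF_VAR_client_secret"
  sensitive   = true # redacted in plan/apply output (Terraform 0.14+)
}

variable "tenant_id" {
  type        = string
  description = "Azure AD Tenant ID, read from TF_VAR_tenant_id"
}

variable "subscription_id" {
  type        = string
  description = "Azure Subscription ID, read from TF_VAR_subscription_id"
}

# Assumed consumer of the variables: the azurerm provider.
# No credential value appears in the code itself.
provider "azurerm" {
  features {}

  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id
}
```

None of these variables has a default, so if one of the Windows variables is missing or misnamed, `terraform plan` prompts for the value, which is a quick way to spot a wrong suffix.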