HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

Integrate with HCP Terraform

HCP Vault Secrets allows users to automatically synchronize application secrets to HCP Terraform workspaces or variable sets. This guide walks you through the configuration process.

Prerequisites:

  • Permissions to create an HCP Terraform org or team token
  • An Admin role in an HCP Project
  • An HCP Vault Secrets application and secret(s)

Configuration

  1. Navigate to the HCP Terraform portal and generate a team or org token. For more information, see the HCP Terraform documentation. Save this token for the next step.

    Note

    Personal API tokens are not allowed for the HCP Terraform integration. Only org or team tokens are supported.

  2. Navigate to the HCP Vault Secrets app you would like to integrate with HCP Terraform. From the sidebar, select Integrations then click on the HCP Terraform card to set up the integration.

  3. Provide the token that you generated in the previous step. Click on Save and continue to proceed.

  4. Next, you'll be prompted to configure the integration details. You can either sync your secrets to a HCP Terraform workspace or a variable set.

  1. Navigate to the HCP Terraform workspace page you would like to integrate with HCP Vault Secrets.
  2. Click the copy to clipboard icon next to the workspace ID.
  3. Choose to sync secrets as Terraform variables or Environment variables.
  4. For Terraform Variables, if you are using HashiCorp Configuration Language (HCL), toggle that option on.

Once all required fields are populated, click Save and sync secrets to complete the configuration process. It will immediately sync all of your existing app secrets to the specified HCP Terraform workspace or variable set.

Note

HCP Terraform tokens can expire. Be sure to update the token in HCP Vault Secrets before it expires to ensure that your secrets remain in sync. If the token used for your integration expires, you can update the token used for the integration manually via an API call.

Updating your HCP Terraform token

Determine the name of the token installation by listing out the sync installations. Use the sync/installations API to list out the sync installations.

Then use the sync/installations API to update the token.

Edit this page on GitHub