DevToolbox

Terraform YAML Variables to ENV (TF_VAR_)

Convert Terraform variable definitions and YAML-based tfvars to environment variables using the TF_VAR_ prefix convention. Learn Terraform's ENV variable loading rules.

Real-World Configs

Detailed Explanation

Terraform has a specific convention for reading configuration from environment variables: any variable named TF_VAR_<name> is automatically mapped to the Terraform variable <name>. Converting YAML-based variable files to this format is common in CI/CD pipelines.

Terraform variables in YAML format (terraform.tfvars.yaml):

# Infrastructure settings
aws_region: us-east-1
environment: production
instance_type: t3.medium
instance_count: 3

# Networking
vpc_cidr: "10.0.0.0/16"
subnet_cidrs:
  - "10.0.1.0/24"
  - "10.0.2.0/24"
  - "10.0.3.0/24"

# Database
db_instance_class: db.t3.medium
db_allocated_storage: 100
db_name: myapp_prod
db_username: admin
db_password: "super-secure-password-123!"
db_multi_az: true

# Tags
tags:
  Project: MyApp
  Environment: production
  ManagedBy: terraform

Converted to ENV variables (TF_VAR_ prefix):

TF_VAR_aws_region=us-east-1
TF_VAR_environment=production
TF_VAR_instance_type=t3.medium
TF_VAR_instance_count=3
TF_VAR_vpc_cidr=10.0.0.0/16
TF_VAR_subnet_cidrs='["10.0.1.0/24","10.0.2.0/24","10.0.3.0/24"]'
TF_VAR_db_instance_class=db.t3.medium
TF_VAR_db_allocated_storage=100
TF_VAR_db_name=myapp_prod
TF_VAR_db_username=admin
TF_VAR_db_password='super-secure-password-123!'
TF_VAR_db_multi_az=true
TF_VAR_tags='{"Project":"MyApp","Environment":"production","ManagedBy":"terraform"}'

Terraform's ENV variable rules:

  1. Prefix is mandatory. Only environment variables starting with TF_VAR_ are read. The prefix is stripped to match the Terraform variable name.
  2. Case sensitivity. Variable names after TF_VAR_ must match the Terraform variable name exactly: TF_VAR_aws_region matches variable "aws_region". This is lowercase, unlike typical ENV conventions.
  3. String values are passed directly: TF_VAR_region=us-east-1.
  4. Complex types (lists, maps, objects) must be encoded as HCL or JSON syntax:
    • Lists: TF_VAR_subnet_cidrs='["10.0.1.0/24","10.0.2.0/24"]'
    • Maps: TF_VAR_tags='{"key":"value"}'
  5. Number and boolean values are passed as strings -- Terraform handles the type conversion based on the variable definition.

Priority order (highest to lowest):

  1. -var command-line flag
  2. *.auto.tfvars files
  3. terraform.tfvars file
  4. TF_VAR_ environment variables
  5. Variable defaults in .tf files

CI/CD usage: In GitHub Actions or GitLab CI, you can set these as pipeline variables:

env:
  TF_VAR_environment: production
  TF_VAR_db_password: ${{ secrets.DB_PASSWORD }}

This avoids storing sensitive values in .tfvars files committed to version control.

Use Case

Setting up a CI/CD pipeline (GitHub Actions, GitLab CI) for Terraform deployments where infrastructure variables from a YAML config file need to be injected as environment variables with the TF_VAR_ prefix.

Try It — YAML ↔ ENV Converter

Open full tool

Related Topics

Flattening Nested YAML Keys to ENV Variables

YAML to ENV

Converting YAML Arrays and Lists to ENV Format

YAML to ENV

ENV Variable Expansion and YAML References

Advanced Patterns

Docker Compose YAML Environment Variables to .env

Real-World Configs

Kubernetes YAML Secrets and ConfigMaps to ENV

Real-World Configs