Terraform
Policy Set Parameters API
Sentinel parameters are a list of key/value pairs that HCP Terraform sends to the Sentinel runtime when performing policy checks on workspaces. They can help you avoid hardcoding sensitive parameters into a policy.
BEGIN: TFC:only name:pnp-callout
Note: HCP Terraform Free Edition includes one policy set of up to five policies. In HCP Terraform Plus Edition, you can connect a policy set to a version control repository or create policy set versions via the API. Refer to HCP Terraform pricing for details.
END: TFC:only name:pnp-callout
Parameters are only available for Sentinel policies. This set of APIs provides endpoints to create, update, list and delete parameters.
Create a Parameter
POST /policy-sets/:policy_set_id/parameters
Parameter | Description |
---|---|
:policy_set_id | The ID of the policy set to create the parameter in. |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path | Type | Default | Description |
---|---|---|---|
data.type | string | Must be "vars" . | |
data.attributes.key | string | The name of the parameter. | |
data.attributes.value | string | "" | The value of the parameter. |
data.attributes.category | string | The category of the parameters. Must be "policy-set" . | |
data.attributes.sensitive | bool | false | Whether the value is sensitive. If true then the parameter is written once and not visible thereafter. |
Sample Payload
{
"data": {
"type":"vars",
"attributes": {
"key":"some_key",
"value":"some_value",
"category":"policy-set",
"sensitive":false
}
}
}
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @payload.json \
https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters
Sample Response
{
"data": {
"id":"var-EavQ1LztoRTQHSNT",
"type":"vars",
"attributes": {
"key":"some_key",
"value":"some_value",
"sensitive":false,
"category":"policy-set"
},
"relationships": {
"configurable": {
"data": {
"id":"pol-u3S5p2Uwk21keu1s",
"type":"policy-sets"
},
"links": {
"related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
}
}
},
"links": {
"self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-EavQ1LztoRTQHSNT"
}
}
}
List Parameters
GET /policy-sets/:policy_set_id/parameters
Parameter | Description |
---|---|
:policy_set_id | The ID of the policy set to list parameters for. |
Query Parameters
This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [
as %5B
and ]
as %5D
if your tooling doesn't automatically encode URLs. If neither pagination query parameters are provided, the endpoint will not be paginated and will return all results.
Parameter | Description |
---|---|
page[number] | Optional. If omitted, the endpoint will return the first page. |
page[size] | Optional. If omitted, the endpoint will return 20 parameters per page. |
Sample Request
$ curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
"https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters"
Sample Response
{
"data": [
{
"id":"var-AD4pibb9nxo1468E",
"type":"vars",
"attributes": {
"key":"name",
"value":"hello",
"sensitive":false,
"category":"policy-set",
},
"relationships": {
"configurable": {
"data": {
"id":"pol-u3S5p2Uwk21keu1s",
"type":"policy-sets"
},
"links": {
"related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
}
}
},
"links": {
"self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-AD4pibb9nxo1468E"
}
}
]
}
Update Parameters
PATCH /policy-sets/:policy_set_id/parameters/:parameter_id
Parameter | Description |
---|---|
:policy_set_id | The ID of the policy set that owns the parameter. |
:parameter_id | The ID of the parameter to be updated. |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path | Type | Default | Description |
---|---|---|---|
data.type | string | Must be "vars" . | |
data.id | string | The ID of the parameter to update. | |
data.attributes | object | New attributes for the parameter. This object can include key , value , category and sensitive properties, which are described above under create a parameter. All of these properties are optional; if omitted, a property will be left unchanged. |
Sample Payload
{
"data": {
"id":"var-yRmifb4PJj7cLkMG",
"attributes": {
"key":"name",
"value":"mars",
"category":"policy-set",
"sensitive": false
},
"type":"vars"
}
}
Sample Request
$ curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request PATCH \
--data @payload.json \
https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG
Sample Response
{
"data": {
"id":"var-yRmifb4PJj7cLkMG",
"type":"vars",
"attributes": {
"key":"name",
"value":"mars",
"sensitive":false,
"category":"policy-set",
},
"relationships": {
"configurable": {
"data": {
"id":"pol-u3S5p2Uwk21keu1s",
"type":"policy-sets"
},
"links": {
"related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
}
}
},
"links": {
"self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG"
}
}
}
Delete Parameters
DELETE /policy-sets/:policy_set_id/parameters/:parameter_id
Parameter | Description |
---|---|
:policy_set_id | The ID of the policy set that owns the parameter. |
:parameter_id | The ID of the parameter to be deleted. |
Sample Request
$ curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request DELETE \
https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG