Sentinel parameters are a list of key/value pairs that HCP Terraform sends to the Sentinel runtime when performing policy checks on workspaces. They can help you avoid hardcoding sensitive parameters into a policy.
Note: HCP Terraform Free edition includes one policy set of up to five policies. In HCP Terraform Plus and Premium editions, you can connect a policy set to a version control repository or create policy set versions with the API. Refer to HCP Terraform pricing for details.
Parameters are only available for Sentinel policies. This set of APIs provides endpoints to create, update, list and delete parameters.
POST /policy-sets/:policy_set_id/parameters
:policy_set_id The ID of the policy set to create the parameter in. Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path Type Default Descriptiondata.type string Must be "vars". data.attributes.key string The name of the parameter. data.attributes.value string "" The value of the parameter. data.attributes.category string The category of the parameters. Must be "policy-set". data.attributes.sensitive bool false Whether the value is sensitive. If true then the parameter is written once and not visible thereafter. Sample Payload
{
"data": {
"type":"vars",
"attributes": {
"key":"some_key",
"value":"some_value",
"category":"policy-set",
"sensitive":false
}
}
}
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @payload.json \
https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters
{
"data": {
"id":"var-EavQ1LztoRTQHSNT",
"type":"vars",
"attributes": {
"key":"some_key",
"value":"some_value",
"sensitive":false,
"category":"policy-set"
},
"relationships": {
"configurable": {
"data": {
"id":"pol-u3S5p2Uwk21keu1s",
"type":"policy-sets"
},
"links": {
"related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
}
}
},
"links": {
"self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-EavQ1LztoRTQHSNT"
}
}
}
GET /policy-sets/:policy_set_id/parameters
:policy_set_id The ID of the policy set to list parameters for. Query Parameters
This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling doesn't automatically encode URLs. If neither pagination query parameters are provided, the endpoint will not be paginated and will return all results.
page[number] Optional. If omitted, the endpoint will return the first page. page[size] Optional. If omitted, the endpoint will return 20 parameters per page. Sample Request
$ curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
"https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters"
{
"data": [
{
"id":"var-AD4pibb9nxo1468E",
"type":"vars",
"attributes": {
"key":"name",
"value":"hello",
"sensitive":false,
"category":"policy-set",
},
"relationships": {
"configurable": {
"data": {
"id":"pol-u3S5p2Uwk21keu1s",
"type":"policy-sets"
},
"links": {
"related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
}
}
},
"links": {
"self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-AD4pibb9nxo1468E"
}
}
]
}
PATCH /policy-sets/:policy_set_id/parameters/:parameter_id
:policy_set_id The ID of the policy set that owns the parameter. :parameter_id The ID of the parameter to be updated. Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path Type Default Descriptiondata.type string Must be "vars". data.id string The ID of the parameter to update. data.attributes object New attributes for the parameter. This object can include key, value, category and sensitive properties, which are described above under create a parameter. All of these properties are optional; if omitted, a property will be left unchanged. Sample Payload
{
"data": {
"id":"var-yRmifb4PJj7cLkMG",
"attributes": {
"key":"name",
"value":"mars",
"category":"policy-set",
"sensitive": false
},
"type":"vars"
}
}
$ curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request PATCH \
--data @payload.json \
https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG
{
"data": {
"id":"var-yRmifb4PJj7cLkMG",
"type":"vars",
"attributes": {
"key":"name",
"value":"mars",
"sensitive":false,
"category":"policy-set",
},
"relationships": {
"configurable": {
"data": {
"id":"pol-u3S5p2Uwk21keu1s",
"type":"policy-sets"
},
"links": {
"related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
}
}
},
"links": {
"self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG"
}
}
}
DELETE /policy-sets/:policy_set_id/parameters/:parameter_id
:policy_set_id The ID of the policy set that owns the parameter. :parameter_id The ID of the parameter to be deleted. Sample Request
$ curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request DELETE \
https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4