HashiCorp Developer AI Private beta now available Sign up today
Terraform
Terraform Home

You are viewing documentation for version v202303-1. View latest version.

Policy Set Parameters API

Note: Sentinel and OPA policies available in the Terraform Cloud Team & Governance tier.

Sentinel parameters are a list of key/value pairs that Terraform Cloud sends to the Sentinel runtime when performing policy checks on workspaces. They can help you avoid hardcoding sensitive parameters into a policy.

Parameters are only available for Sentinel policies. This set of APIs provides endpoints to create, update, list and delete parameters.

Create a Parameter

POST /policy-sets/:policy_set_id/parameters

ParameterDescription
:policy_set_idThe ID of the policy set to create the parameter in.

Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "vars".
data.attributes.keystringThe name of the parameter.
data.attributes.valuestring""The value of the parameter.
data.attributes.categorystringThe category of the parameters. Must be "policy-set".
data.attributes.sensitiveboolfalseWhether the value is sensitive. If true then the parameter is written once and not visible thereafter.

Sample Payload

{
  "data": {
    "type":"vars",
    "attributes": {
      "key":"some_key",
      "value":"some_value",
      "category":"policy-set",
      "sensitive":false
    }
  }
}

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters

Sample Response

{
  "data": {
    "id":"var-EavQ1LztoRTQHSNT",
    "type":"vars",
    "attributes": {
      "key":"some_key",
      "value":"some_value",
      "sensitive":false,
      "category":"policy-set"
    },
    "relationships": {
      "configurable": {
        "data": {
          "id":"pol-u3S5p2Uwk21keu1s",
          "type":"policy-sets"
        },
        "links": {
          "related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
        }
      }
    },
    "links": {
      "self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-EavQ1LztoRTQHSNT"
    }
  }
}

List Parameters

GET /policy-sets/:policy_set_id/parameters

ParameterDescription
:policy_set_idThe ID of the policy set to list parameters for.

Query Parameters

This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling doesn't automatically encode URLs. If neither pagination query parameters are provided, the endpoint will not be paginated and will return all results.

ParameterDescription
page[number]Optional. If omitted, the endpoint will return the first page.
page[size]Optional. If omitted, the endpoint will return 20 parameters per page.

Sample Request

$ curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
"https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters"

Sample Response

{
  "data": [
    {
      "id":"var-AD4pibb9nxo1468E",
      "type":"vars",
      "attributes": {
        "key":"name",
        "value":"hello",
        "sensitive":false,
        "category":"policy-set",
      },
      "relationships": {
        "configurable": {
          "data": {
            "id":"pol-u3S5p2Uwk21keu1s",
            "type":"policy-sets"
          },
          "links": {
            "related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
          }
        }
      },
      "links": {
        "self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-AD4pibb9nxo1468E"
      }
    }
  ]
}

Update Parameters

PATCH /policy-sets/:policy_set_id/parameters/:parameter_id

ParameterDescription
:policy_set_idThe ID of the policy set that owns the parameter.
:parameter_idThe ID of the parameter to be updated.

Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "vars".
data.idstringThe ID of the parameter to update.
data.attributesobjectNew attributes for the parameter. This object can include key, value, category and sensitive properties, which are described above under create a parameter. All of these properties are optional; if omitted, a property will be left unchanged.

Sample Payload

{
  "data": {
    "id":"var-yRmifb4PJj7cLkMG",
    "attributes": {
      "key":"name",
      "value":"mars",
      "category":"policy-set",
      "sensitive": false
    },
    "type":"vars"
  }
}

Sample Request

$ curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG

Sample Response

{
  "data": {
    "id":"var-yRmifb4PJj7cLkMG",
    "type":"vars",
    "attributes": {
      "key":"name",
      "value":"mars",
      "sensitive":false,
      "category":"policy-set",
    },
    "relationships": {
      "configurable": {
        "data": {
          "id":"pol-u3S5p2Uwk21keu1s",
          "type":"policy-sets"
        },
        "links": {
          "related":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s"
        }
      }
    },
    "links": {
      "self":"/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG"
    }
  }
}

Delete Parameters

DELETE /policy-sets/:policy_set_id/parameters/:parameter_id

ParameterDescription
:policy_set_idThe ID of the policy set that owns the parameter.
:parameter_idThe ID of the parameter to be deleted.

Sample Request

$ curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  https://app.terraform.io/api/v2/policy-sets/polset-u3S5p2Uwk21keu1s/parameters/var-yRmifb4PJj7cLkMG