TFE: Google Cloud Storage Credentials Required in Configuration Variables Startup Check – HashiCorp Help Center

Problem

Terraform Enterprise fails to start, and the terraform-enterprise container logs show the following error, even when a Google Cloud service account is attached to the virtual machine.

{
  "component": "terraform-enterprise",
  "log": "[ERROR] terraform-enterprise: check failed: name=config duration=\"4.021µs\" err=\"google storage bucket, credentials, and project must be set\""
}

Prerequisites

Terraform Enterprise versions v202307-1 through v202310-1.
A Flexible Deployment Options or Replicated Deployment using the Consolidated Services Architecture.

Cause

This error is caused by a bug in Terraform Enterprise releases from v202307-1 to v202310-1. In these versions, the Configuration Variables startup check incorrectly requires that you provide a GCP project, bucket, and JSON credentials in the settings.

Terraform Enterprise is designed to support authentication to Google Cloud Storage through a service account attached to the instance without requiring the gcs_credentials setting (TFE_OBJECT_STORAGE_GOOGLE_CREDENTIALS for FDO) to be set.

Solutions

There are several workarounds and a long-term fix available depending on your deployment type.

Solution 1: For Replicated Deployments

You have two options to resolve this issue for Replicated deployments.

Short-term Workaround 1:Disable consolidated services mode to revert to the multi-container architecture, where this startup check does not run.
Short-term Workaround 2: Supply JSON credentials via the gcs_credentials setting to allow Terraform Enterprise to complete startup in consolidated services mode.
Long-term Fix: To use service account authentication in consolidated services mode, upgrade to a Terraform Enterprise release later than v202310-1.

Solution 2: For Flexible Deployment Options

You have two options to resolve this issue for Flexible Deployment Options (FDO).

Short-term Workaround: Supply JSON credentials via the TFE_OBJECT_STORAGE_GOOGLE_CREDENTIALS environment variable.
Long-term Fix: Upgrade to a Terraform Enterprise release later than v202310-1.