Introduction
In HCP Terraform and Terraform Enterprise, logs are generated for every run that occurs within a workspace. Administrators may need to manage these logs to comply with organizational security or data retention requirements. This guide explains how run log retention is tied to the workspace lifecycle.
Problem
Run logs for a workspace need to be either permanently retained or deleted.
Procedure
Run logs exist for the entire lifecycle of the workspace where they were generated. There is no independent mechanism to delete only the run logs while keeping the workspace.
Option 1: Retain Run Logs
To retain run logs, you must keep the workspace that generated them, even if it is no longer actively used. The logs will remain available as long as the workspace exists within the organization.
Option 2: Delete Run Logs
To permanently delete run logs, you must delete the entire workspace. You can delete a workspace through the UI by navigating to the workspace's Settings > Destruction and Deletion.
From this page, you can first run a destroy plan to remove all infrastructure managed by the workspace. Afterward, you can delete the workspace itself by selecting Delete from HCP Terraform.
Data Retention Policies in Terraform Enterprise
Starting with Terraform Enterprise v202311-1, you can create data retention policies at both the organization and workspace levels. These policies automatically delete state files and configuration versions older than a specified time.
This setting is located at the organization level under Settings > General and at the workspace level under Settings > Destruction and Deletion.
Note: Data retention policies in Terraform Enterprise do not affect run logs. These policies only apply to state files and configuration versions.
Additional Information
For further information on run logs, please see the Managing Runs documentation.