Introduction
This article explains how to configure Google Cloud Platform (GCP) credentials in HCP Terraform.
Prerequisites
- An authenticated session with your GCP account.
- A configured Google Cloud Service Account.
- The JSON key file for the service account downloaded to your local machine.
Use Case
The GCP provider documentation for authentication demonstrates using a local file path for the JSON key file. This approach is not suitable for HCP Terraform, which requires credentials to be stored securely as variables within the workspace.
Procedure
You can set GCP credentials in HCP Terraform using one of the following two methods.
Option 1: Use a Terraform Variable
You can provide the credentials by defining a Terraform variable and populating its value with the contents of your JSON key file.
-
Define a variable in your Terraform configuration to accept the credentials.
provider "google" { project = "<YOUR_PROJECT>" region = "<YOUR_REGION>" zone = "<YOUR_ZONE>" credentials = var.gcp-creds } variable "gcp-creds" { description = "GCP service account credentials JSON." type = string default = "" } - In your HCP Terraform workspace, create a Terraform variable with the key
gcp-creds. - Paste the entire content of your JSON key file as the variable's value.
Note: You must set this variable as sensitive in the HCP Terraform UI to protect your credentials.
Option 2: Use an Environment Variable
You can provide the credentials by setting a standard GCP environment variable in your HCP Terraform workspace.
- In your HCP Terraform workspace, create an Environment Variable with the key
GOOGLE_CREDENTIALS. -
On your local machine, process your JSON key file to remove newlines and extra spaces. You can use a command like
jqto format the JSON onto a single line.$ cat file.json | jq -c
- Copy the single-line output from the command and paste it as the value for the
GOOGLE_CREDENTIALSenvironment variable.
Note: You must set this variable as sensitive in the HCP Terraform UI to protect your credentials.