
Trying to pass in values from an env variable group to terraform


So I've been at this for a couple hours now at least. I've tried passing in two variables using the TF_VAR prefix. I've verified the pipeline is importing the var groups correctly in the logs. I'm thoroughly stumped and could really use some help haha.

references - How to pass Variables with Secrets (User, Password) in Terraform

https://developer.hashicorp.com/terraform/cli/config/environment-variables

https://learn.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml

main tf infra file

tfvars file

Environmental variable group

AzDO yaml pipeline snip

Steps -

  1. I used the links below as references.
  2. I tried setting the var values in clear text in the tfvars file for kicks, which is a big no-no, but just to see if it'd take.
  3. I also tried exporting the environment variables using export TF_VAR_variable_name as a different way to do this. In each attempt the pipeline stalls and doesn't do anything making me think the values are never getting to the variables for some reason. My current params and run cmd opts included.

Solution

  • For DevOps secret variables, they won’t get mapped to environment variables for security reasons. You have to pass them as variables.

    1. Declare variables in your tfvar file as shown below. Refer to them using var.admin_password and var.admin_user in main.tf.
    variable "admin_password" {
      type = string
    }
    variable "admin_user" {
      type = string
    }
    
    2. Pass the value of admin_password and admin_user to the terraform task using the -var argument.
    - task: TerraformTaskV3@3
      displayName: 'Terraform Plan'
      inputs:
        command: 'plan'
        workingDirectory: '$(Build.SourcesDirectory)'
        environmentServiceName: '<service_connection_name>'
        # Secret pipeline variables are handed to Terraform explicitly as -var arguments
        commandOptions: '-input=false -var "admin_password=$(TF_VAR_admin_password)" -var "admin_user=$(TF_VAR_admin_user)"'
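
An alternative to the `-var` arguments above, shown as an added example that is not part of the original answer: map each secret into the step's environment with `env:`, so Terraform reads it as `TF_VAR_<name>` and the value stays off the terraform command line. The variable group name is a placeholder, and the example assumes the Terraform task passes the step environment through to the `terraform` process.

```yaml
variables:
  # Placeholder: the variable group that holds TF_VAR_admin_password / TF_VAR_admin_user
  - group: '<variable_group_name>'

steps:
  - task: TerraformTaskV3@3
    displayName: 'Terraform Plan'
    inputs:
      command: 'plan'
      workingDirectory: '$(Build.SourcesDirectory)'
      environmentServiceName: '<service_connection_name>'
      # No secret values in the argument list
      commandOptions: '-input=false'
    env:
      # Secret variables are not exported to the process automatically;
      # each one must be mapped by name. The part after TF_VAR_ has to
      # match the variable name declared in the Terraform configuration.
      TF_VAR_admin_password: $(TF_VAR_admin_password)
      TF_VAR_admin_user: $(TF_VAR_admin_user)
```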