Terraform
Authenticate tf-migrate
To use tf-migrate
, you must authenticate with HCP Terraform or the Terraform Enterprise instance that you are migrating your state to.
Connect to HCP Terraform or Enterprise Terraform
The tf-migrate
tool uses your locally configured Terraform CLI API token. If you have not authenticated your local Terraform installation with HCP Terraform, use the terraform login
command to create an authentication token.
$ terraform login
Terraform will request an API token for app.terraform.io using your browser.
If login is successful, Terraform will store the token in plain text in
the following file for use by subsequent commands:
/Users/redacted/.terraform.d/credentials.tfrc.json
Do you want to proceed?
Only 'yes' will be accepted to confirm.
Enter a value: yes
Terraform opens a browser to the HCP Terraform sign in screen, where you can then enter a token name in the web UI, or leave the default name. Click Create API token to generate the authentication token.
HCP Terraform only displays your token once. Copy this token, then when the Terraform CLI prompts you, paste the user token exactly once into your terminal. Press Enter to complete the authentication process.
Authenticate your VCS provider
The tf-migrate
tool can optionally create a pull request that updates the state storage location specified in your Terraform configuration. To do this, tf-migrate
uses the GitHub or GitLab Cloud API, and requires an API token with permissions to modify your Git repository.
To configure your API token, set the TF_GIT_PAT_TOKEN
environment variable
$ export TF_GIT_PAT_TOKEN=<TOKEN>
GitHub connection requirements
If your Terraform files are stored in GitHub, you must configure an API token that meets the following requirements:
- The token must be a classic token. Refer to the GitHub documentation for additional information.
- The token must have the
repo
OAuth scope.
GitLab connection requirements
If your Terraform files are stored in GitLab Cloud, you must configure an API token that meets the following requirements:
- The token must be a personal access token. Refer to the GitLab documentation for additional information.
- The token must have
read_repository
andwrite_repository
scopes.