Terraform: Google cloud provider environment variables not read as file as expected
If you set any of the environment variables as specified in the Google cloud provider documentation, the file is not actually read, but tries to parse the filename as JSON. (GOOGLE_CREDENTIALS, GOOGLE_CLOUD_KEYFILE_JSON, GCLOUD_KEYFILE_JSON, see https://www.terraform.io/docs/providers/google/index.html#credentials)
Example:
$ terraform plan
There are warnings and/or errors related to your configuration. Please
fix these before continuing.
Errors:
* provider.google: credentials are not valid JSON '/home/me/.gcloud/credentials.json': invalid character '/' looking for beginning of value
Terraform version: 0.7.2
pvanderlinden
All 4 comments
Hi @pvanderlinden,
The documentation says "Contents of the JSON file used to describe your account credentials". If you were specifying this in a Terraform config, you'd use credentials = "${file("credentials.json")}". However, if you want to use the environment variables, you actually have to read the JSON containing the service account credentials into the environment variable itself.
Example:
export GOOGLE_CREDENTIALS=`cat credentials.json`
That being said, in my experience, the easiest way to handle these credentials if you already have the gcloud SDK installed is to login with gcloud auth login, and then have credentials = "" in your google provider. Terraform will use the gcloud SDK credentials to make calls against Google's API.
Hopefully this answers your question!
cblecker
on 27 Aug 2016
Thanks @cblecker
mitchellh
on 30 Aug 2016
Thanks, I have to say the variable names are confusing though.
pvanderlinden
on 31 Aug 2016
I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 22 Apr 2020
Related issues
kklipsch
ยท
95Comments
atkinchris
ยท
68Comments
dupuy
ยท
61Comments
FlorinAndrei
ยท
61Comments
kforsthoevel
ยท
86Comments
Most helpful comment
Hi @pvanderlinden,
The documentation says "Contents of the JSON file used to describe your account credentials". If you were specifying this in a Terraform config, you'd use
credentials = "${file("credentials.json")}". However, if you want to use the environment variables, you actually have to read the JSON containing the service account credentials into the environment variable itself.Example:
That being said, in my experience, the easiest way to handle these credentials if you already have the gcloud SDK installed is to login with
gcloud auth login, and then havecredentials = ""in your google provider. Terraform will use the gcloud SDK credentials to make calls against Google's API.Hopefully this answers your question!