{"id":21130986,"url":"https://github.com/workloads/workspaces","last_synced_at":"2025-07-09T01:33:38.290Z","repository":{"id":153563952,"uuid":"528024256","full_name":"workloads/workspaces","owner":"workloads","description":"Terraform-managed HCP Terraform Workspaces","archived":false,"fork":false,"pushed_at":"2024-07-29T10:27:49.000Z","size":315,"stargazers_count":4,"open_issues_count":1,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-04T14:43:53.384Z","etag":null,"topics":["1password-cli","terraform"],"latest_commit_sha":null,"homepage":"https://app.terraform.io/app/workloads/workspaces","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/workloads.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-23T14:19:33.000Z","updated_at":"2025-01-12T19:14:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"a9431baa-e640-40d5-8914-aeb985e83a96","html_url":"https://github.com/workloads/workspaces","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/workloads/workspaces","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workloads%2Fworkspaces","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workloads%2Fworkspaces/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workloads%2Fworkspaces/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workloads%2Fworkspaces/manifests","owner_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/workloads","download_url":"https://codeload.github.com/workloads/workspaces/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/workloads%2Fworkspaces/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264375596,"owners_count":23598412,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["1password-cli","terraform"],"created_at":"2024-11-20T05:43:00.678Z","updated_at":"2025-07-09T01:33:37.916Z","avatar_url":"https://github.com/workloads.png","language":"HCL","readme":"# HCP Terraform Workspace `workspaces`\n\n\u003e This repository manages HCP Terraform Workspaces for [@workloads](https://github.com/workloads).\n\n## Table of Contents\n\n\u003c!-- TOC --\u003e\n* [HCP Terraform Workspace `workspaces`](#hcp-terraform-workspace-workspaces)\n  * [Table of Contents](#table-of-contents)\n  * [Requirements](#requirements)\n    * [Development](#development)\n  * [Diagrams](#diagrams)\n    * [HCP Terraform Workspace Structure](#hcp-terraform-workspace-structure)\n  * [Usage](#usage)\n    * [Inputs](#inputs)\n    * [Outputs](#outputs)\n  * [Notes](#notes)\n    * [Sensitive Data](#sensitive-data)\n    * [Colorized Output](#colorized-output)\n  * [Contributors](#contributors)\n  * [License](#license)\n\u003c!-- TOC --\u003e\n\n## Requirements\n\n* HashiCorp Cloud Platform (HCP) [Account](https://portal.cloud.hashicorp.com/sign-in)\n* HashiCorp HCP Terraform [Account](https://app.terraform.io/session)\n* HashiCorp Terraform `1.9.x` or 
[newer](https://developer.hashicorp.com/terraform/downloads)\n* 1Password CLI `2.0.0` or [newer](https://1password.com/downloads/command-line/)\n* a copy of [@workloads/tooling](https://github.com/workloads/tooling)\n\n### Development\n\nFor development and testing of this repository:\n\n* `terraform-docs` `0.17.0` or [newer](https://terraform-docs.io/user-guide/installation/)\n\n## Diagrams\n\nThis section contains an overview of (simplified) diagrams, describing the logical connections of the individual HCP Terraform Workspaces.\nAll diagrams are expressed in [Mermaid](https://mermaid.js.org) syntax.\n\n### HCP Terraform Workspace Structure\n\nThis diagram describes the [HCP Terraform Workspaces](https://developer.hashicorp.com/terraform/cloud-docs/workspaces) structure:\n\n```mermaid\nflowchart LR\n    subgraph local[\"local execution\"]\n        direction LR\n\n        makefile[\"Makefile\"]\n        opcli[\"1Password CLI `op`\"]\n        click opcli \"https://developer.1password.com/docs/cli/\" \"1Password CLI `op`\"\n\n        terraform[\"local Terraform process (with Remote State)\"]\n\n        %% actual connections\n        makefile -.- opcli -.- terraform\n    end\n\n    subgraph remote[\"remote, in HCP Terraform\"]\n        direction LR\n\n        %% actual connections\n        terraform --\u003e community[\"TFC Workspace `community`\"]\n        terraform --\u003e dns[\"TFC Workspace `dns`\"]\n        terraform --\u003e networking[\"TFC Workspace `networking`\"]\n        terraform --\u003e regional-workspaces[\"TFC Workspace `regional-workspaces`\"]\n        terraform --\u003e github-organization[\"TFC Workspace `repositories`\"]\n        terraform --\u003e services-configuration[\"TFC Workspace `services-configuration`\"]\n        terraform --\u003e services-deployment[\"TFC Workspace `services-deployment`\"]\n        terraform --\u003e web_assets[\"TFC Workspace `web_assets`\"]\n        terraform --\u003e web_redirects[\"TFC Workspace 
`web_redirects`\"]\n        terraform --\u003e website[\"TFC Workspace `website`\"]\n        terraform --\u003e workspaces[\"TFC Workspace `workspaces`\"]\n        terraform --\u003e users[\"TFC Workspace `users`\"]\n    end\n```\n\n## Usage\n\nThe `workspaces` HCP Terraform Workspace acts as a _Seed_ Workspace. The repository provides lifecycle management of other, organization-specific HCP Terraform Workspaces and GitHub Organization configurations.\n\nTo inject sensitive _\"Secret Zero\"_ type data, the [1Password CLI](https://1password.com/downloads/command-line/) is used to wrap common Terraform commands (`plan`, `apply`, `destroy`).\n\nThis repository provides a [Makefile](./Makefile)-based workflow.\n\nRunning `make` without commands will print out the following help information:\n\n```text\n🟣 HCP Terraform WORKSPACES\n\nTarget          Description                                   Usage\nprint-secrets   print (sanitized) environment variables       `make print-secrets`\nterraform       execute Terraform with a specific command     `make terraform command=plan`\nimport          execute a Terraform Import                    `make import local=\"\u003cTerraform Resource Identifier\u003e\" remote=\"\u003cRemote API identifier\u003e\"`\nhelp            display a list of Make Targets                `make help`\n_listincludes   list all included Makefiles and *.mk files    `make _listincludes`\n_selfcheck      lint Makefile                                 `make _selfcheck`\n```\n\nThe `terraform` target requires a command such as `plan` or `apply` and optionally supports arguments such as `-auto-approve`.\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n### Inputs\n\n| Name | Description | Type | Required |\n|------|-------------|------|:--------:|\n| auth0_client_id | Auth0 Client ID. | `string` | yes |\n| auth0_client_secret | Auth0 Client Secret. | `string` | yes |\n| auth0_domain | Auth0 Domain Name. 
| `string` | yes |\n| aws_directory_admin_password | AWS Directory Service Admin Password. | `string` | yes |\n| aws_directory_admin_username | AWS Directory Service Admin Username. | `string` | yes |\n| datadog_api_key | Datadog API Key. | `string` | yes |\n| datadog_api_url | Datadog API URL. | `string` | yes |\n| datadog_api_zone | Datadog API Zone. | `string` | yes |\n| datadog_app_key | Datadog App Key. | `string` | yes |\n| discord_token | Discord API Token. | `string` | yes |\n| docker_read_token | Docker Hub Read Token. | `string` | yes |\n| docker_read_write_delete_token | Docker Hub Read / Write / Delete Token. | `string` | yes |\n| docker_read_write_token | Docker Hub Read / Write Token. | `string` | yes |\n| gandi_api_key | This is the Gandi API Key. | `string` | yes |\n| gitguardian_token | GitGuardian Service Account Token. | `string` | yes |\n| github_token | A GitHub OAuth / Personal Access Token. | `string` | yes |\n| google_project_id | The Project ID to use for authenticating with GCP. | `string` | yes |\n| hcp_boundary_admin_password | HCP Boundary Cluster Admin Password. | `string` | yes |\n| hcp_boundary_admin_username | HCP Boundary Cluster Admin Username. | `string` | yes |\n| hcp_contributor_id | HashiCorp Cloud Platform ID for `contributor` Role. | `string` | yes |\n| hcp_contributor_secret | HashiCorp Cloud Platform Secret for `contributor` Role. | `string` | yes |\n| hcp_viewer_id | HashiCorp Cloud Platform ID for `viewer` Role. | `string` | yes |\n| hcp_viewer_secret | HashiCorp Cloud Platform Secret for `viewer` Role. | `string` | yes |\n| infracost_org | Infracost Organization Identifier. | `string` | yes |\n| infracost_runtask_hmac_key | HMAC Key for Infracost Run Task integration. | `string` | yes |\n| infracost_runtask_url | URL for Infracost Run Task integration. | `string` | yes |\n| mondoo_credential | Mondoo Credential. | `string` | yes |\n| mondoo_space_id | Mondoo Space Identifier. 
| `string` | yes |\n| okta_api_token | Okta API Token. | `string` | yes |\n| okta_org_name | Okta Organization Name. | `string` | yes |\n| okta_social_login_github_client_id | Okta Social Login GitHub Client ID. | `string` | yes |\n| okta_social_login_github_client_secret | Okta Social Login GitHub Client Secret. | `string` | yes |\n| pagerduty_key_read | PagerDuty Read-Only Key. | `string` | yes |\n| pagerduty_key_readwrite | PagerDuty Read-Write Key. | `string` | yes |\n| pagerduty_subdomain | PagerDuty Subdomain | `string` | yes |\n| snyk_runtask_hmac_key | HMAC Key for Snyk Run Task integration. | `string` | yes |\n| snyk_runtask_url | URL for Snyk Run Task integration. | `string` | yes |\n| snyk_token | Snyk API Auth Token. | `string` | yes |\n| tfe_oauth_client_id | VCS Provider OAuth Client Identifier. | `string` | yes |\n| tfe_organization_email | Admin email address. | `string` | yes |\n| csp_configuration | Project-wide List of Cloud Service Providers (CSPs). | \u003cpre\u003elist(object({\u003cbr\u003e    name    = string\u003cbr\u003e    prefix  = string\u003cbr\u003e    enabled = bool\u003cbr\u003e  }))\u003c/pre\u003e | no |\n| docker_username | Docker Hub Username. | `string` | no |\n| gitguardian_user | GitGuardian Service Account User. | `string` | no |\n| github_owner | This is the target GitHub organization or individual user account to manage. | `string` | no |\n| management_region_aws | AWS-specific `Management` Region Identifier. | `string` | no |\n| management_region_gcp | Google-specific `Management` Region Identifier. | `string` | no |\n| project_identifier | Human-readable Project Identifier. | `string` | no |\n| snyk_org | Snyk Organization Name. | `string` | no |\n| tags | Object containing pre-defined Tags. | `map(string)` | no |\n| tfe_organization_name | Name of the organization. | `string` | no |\n| tfe_organization_owner_humans | List of Human-operated Email Addresses of HCP Terraform Organization Owners. 
| `list(string)` | no |\n| tfe_organization_owner_robots | List of Robot-operated Email Addresses of HCP Terraform Organization Owners. | `list(string)` | no |\n| tfe_organization_token_force_regenerate | Whether to forcefully regenerate and replace TFE Organization Token. | `bool` | no |\n| tfe_project_names | Object containing TFE Project Names. | \u003cpre\u003eobject({\u003cbr\u003e    auxiliary  = string\u003cbr\u003e    management = string\u003cbr\u003e  })\u003c/pre\u003e | no |\n| tfe_workspace_allow_destroy_plan | Whether destroy plans can be queued on the workspace. | `bool` | no |\n| tfe_workspace_auto_apply | Whether to automatically apply changes when a Terraform plan is successful. | `bool` | no |\n| tfe_workspace_terraform_version | Terraform version to use for this Workspace. | `string` | no |\n\n### Outputs\n\n| Name | Description |\n|------|-------------|\n| github_urls | GitHub URLs. |\n| tfe_workspace_terraform_version | Terraform version identifier of current HCP Terraform Workspace. |\n| variable_set_urls | Variable Set URLs. |\n| workspace_urls | Workspace URLs. |\n\u003c!-- END_TF_DOCS --\u003e\n\n## Notes\n\n### Sensitive Data\n\nTerraform state may contain [sensitive data](https://developer.hashicorp.com/terraform/language/state/sensitive-data). 
This workspace uses [HCP Terraform](https://developer.hashicorp.com/terraform/cloud-docs) to safely store state, and encrypt the data at rest.\n\n### Colorized Output\n\nColorized CLI output may be disabled by setting the `NO_COLOR` environment variable to any non-empty value.\n\n```shell\nexport NO_COLOR=1 \u0026\u0026 make\n```\n\n## Contributors\n\nFor a list of current (and past) contributors to this repository, see [GitHub](https://github.com/workloads/workspaces/graphs/contributors).\n\n## License\n\nLicensed under the Apache License, Version 2.0 (the \"License\").\n\nYou may download a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0).\n\nSee the License for the specific language governing permissions and limitations under the License.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fworkloads%2Fworkspaces","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fworkloads%2Fworkspaces","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fworkloads%2Fworkspaces/lists"}