How to Set Custom AWS Credentials for Terraform in Environment Variables

The aim of this page📝 is to explain how to use environment variables in Terraform based on the particular example of configuring AWS provider credentials. There are more default ways of doing this as pointed out in, my secrets have also a profile-specific _mrp suffix and I need this way to work properly.

Pavol Kutaj
2 min readSep 4


  • Environment variables are values that can be set outside of a program or script and can be accessed by it.
  • They are useful for storing sensitive or dynamic information that should not be hardcoded in the source code, such as passwords, keys, tokens, etc.
  • This is not only widely used but also strongly recommended — see The Twelve-Factor App > III. Config > Store config in the environment
  • Input variables can be assigned values from different sources, such as command-line arguments, files, or environment variables.
  • To use environment variables as a source of input variables in Terraform, you need to follow a specific naming convention: TF_VAR_name, where name is the name of the input variable.
  • var.access_key refers to a variable called access_key, and terraform parses environment variables looking for an item prefixed with TF_VAR_ concatenated with access_key
provider "aws" {
access_key = var.access_key_mrp
secret_key = var.secret_key_mrp
region = "eu-central-1"

variable "access_key_mrp" {}
variable "secret_key_mrp" {}
  • I need to set the Windows environment variables as TF_VAR_access_key and TF_VAR_secret_key, and their values will be used in my Terraform file.
  • For setting via Powershell see
  • Verify via terraform plan - you should not get an authentication error if done properly




Pavol Kutaj

Today I Learnt | Infrastructure Support Engineer at with a passion for cloud infrastructure/terraform/python/docs. More at