Copying and pasting my attempted support ticket as I’m currently on the free plan
I’m setting my netlify ENV variables via your Terraform provider like so
resource "netlify_environment_variable" "next_public_youtube_playlist" {
  site_id = data.netlify_site.site.id
  team_id = data.netlify_team.team.id
  key     = "next_public_youtube_playlist"
  secret_values = [
    for context in local.contexts : {
      value   = jsondecode(data.aws_secretsmanager_secret_version.latest.secret_string)["next_public_youtube_playlist"]
      context = context
    }
  ]
  scopes = local.scopes
}

locals {
  source_repo = lower(basename(path.cwd))
  contexts    = ["dev", "branch-deploy", "deploy-preview", "production"]
  # scopes = ["builds", "functions", "runtime"]
}
Yet I get the following error if I don't include scopes:
Error: Error updating Netlify environment variable
│
│ with netlify_environment_variable.next_public_youtube_playlist,
│ on netlify_env.tf line 246, in resource "netlify_environment_variable" "next_public_youtube_playlist":
│ 246: resource "netlify_environment_variable" "next_public_youtube_playlist" {
│
│ Could not update Netlify environment variable order ID "next_public_youtube_playlist" (team ID: "teamid", site ID:
│ "43fce32b-eca4-44e6-9af7-97d19a143a5d", secret: true): "422 Unprocessable Entity: {\"code\":422,\"message\":\"Secrets are not allowed to run in
│ 'post_processing' scopes.\"}"
Though if I include my scopes local, I get this error:
│ Error: Error updating Netlify environment variable
│
│ with netlify_environment_variable.next_public_youtube_playlist,
│ on netlify_env.tf line 132, in resource "netlify_environment_variable" "next_public_youtube_playlist":
│ 132: resource "netlify_environment_variable" "next_public_youtube_playlist" {
│
│ Could not update Netlify environment variable order ID "NEXT_PUBLIC_YOUTUBE_PLAYLIST" (team ID: "teamid", site ID:
│ "43fce32b-eca4-44e6-9af7-97d19a143a5d", secret: false): "403 Forbidden: {\"code\":403,\"message\":\"Upgrade your Netlify account to set specific scopes\"}"
This only happens with secret values, which I need; otherwise my secrets are exposed in my TF plan.
This seems like an impossible API bug to get around.
I currently do not see a way around this limitation other than setting them manually in the console, which eliminates CI/CD.