From 364dc6b35baeb67bba875c528633e547e23a829b Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Fri, 27 Feb 2026 20:43:39 +0000
Subject: [PATCH] fix: use TF_VAR_ prefix for token credentials

- Restore pm_api_token_id and pm_api_token_secret variables
- Use TF_VAR_pm_api_token_id and TF_VAR_pm_api_token_secret env vars
- This is the standard Terraform way to pass variables via environment
---
 .gitea/workflows/terraform-apply.yml |  4 ++--
 .gitea/workflows/terraform-plan.yml  |  4 ++--
 terraform/main.tf                    |  6 ++++--
 terraform/variables.tf               | 11 +++++++++++
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 0bfc563..c09caa6 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -18,8 +18,8 @@ jobs:
     env:
       TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
       TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
-      PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
+      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
+      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
 
     steps:
       - name: Checkout repository
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index 27266d9..579437e 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -19,8 +19,8 @@ jobs:
     env:
       TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
       TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
-      PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
+      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
+      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
 
     steps:
       - name: Checkout repository
diff --git a/terraform/main.tf b/terraform/main.tf
index 7bd3884..fc6134d 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -8,8 +8,10 @@ terraform {
 }
 
 provider "proxmox" {
-  pm_api_url      = var.pm_api_url
-  pm_tls_insecure = true
+  pm_api_url          = var.pm_api_url
+  pm_api_token_id     = var.pm_api_token_id
+  pm_api_token_secret = var.pm_api_token_secret
+  pm_tls_insecure     = true
 }
 
 resource "proxmox_vm_qemu" "alpacas" {
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 2d44f83..c4f1b2c 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,3 +1,14 @@
+variable "pm_api_token_id" {
+  type        = string
+  description = "Proxmox API token ID (format: user@realm!tokenid)"
+}
+
+variable "pm_api_token_secret" {
+  type        = string
+  sensitive   = true
+  description = "Proxmox API token secret"
+}
+
 variable "target_node" {
   type = string
 }