fix: use PM_API_TOKEN_ID/SECRET env vars directly

- Remove token from Terraform variables (provider reads from env)
- Update workflows to set PM_API_TOKEN_ID and PM_API_TOKEN_SECRET directly
- Provider now reads credentials from environment variables

.gitea/workflows/terraform-apply.yml

@@ -18,8 +18,8 @@ jobs:
     env:
       TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
       TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
-      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
+      PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
+      PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
 
     steps:
       - name: Checkout repository

.gitea/workflows/terraform-plan.yml

@@ -19,8 +19,8 @@ jobs:
     env:
       TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
       TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
-      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
+      PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
+      PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
 
     steps:
       - name: Checkout repository

terraform/main.tf

@@ -9,8 +9,6 @@ terraform {
 
 provider "proxmox" {
   pm_api_url      = var.pm_api_url
-  pm_api_token_id     = var.pm_api_token_id
-  pm_api_token_secret = var.pm_api_token_secret
   pm_tls_insecure = true
 }
 

terraform/terraform.tfvars

@@ -7,4 +7,3 @@ sockets         = 1
 bridge         = "vmbr0"
 storage        = "Flash"
 pm_api_url     = "https://100.105.0.115:8006/api2/json"
-pm_api_token_id = "terraform-prov@pve!mytoken"

terraform/variables.tf

@@ -1,14 +1,3 @@
-variable "pm_api_token_id" {
-  type        = string
-  description = "Proxmox API token ID (format: user@realm!tokenid)"
-}
-
-variable "pm_api_token_secret" {
-  type        = string
-  sensitive   = true
-  description = "Proxmox API token secret"
-}
-
 variable "target_node" {
   type = string
 }