Variable Groups

The Variable Groups section of Semaphore is a place to store additional variables for an inventory and must be stored in JSON format.

All task templates require an variable group to be defined even if it is empty.

Create an variable group

  1. Click on the Variable Group tab.
  2. Click on the New Variable Group button.
  3. Name the Variable Group and type or paste in valid JSON variables. If you just need an empty Variable Group type in {}.

Updating an variable group

  1. Click on the Variable Groups tab.
  2. Click the pencil icon.
  3. Make changes and click save.

Deleting the variable group

Before you remove an variable proup, you must remove all resources tied to it. If you are not sure which resources are being used in an variable group, follow steps 1 and 2 below. It will show you which resources are being used, with links to those resources.

  1. Click on the Variable Group.
  2. Click the trash can icon next to the Variable Group.
  3. Click Yes if you are sure you want to remove the variable group.

Using Variable Groups - Terraform

When you want utilize a stored variable group variable or secret in your terraform template you must prefix the name with TF_VAR_ for the terraform script to use it.

Example Passing Hetzner Cloud API key to OpenTofu/Terraform playbook.

  1. Click on Variable Group
  2. Click New Group
  3. Click on Secrets tab
  4. Add TV_VAR_hcloud_token and add you secret in the hidden field
  5. Click Save

We will call our secret TV_VAR_hcloud_token as var.hcloud_token in hetzner.tf

terraform {
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "~> 1.45"
    }
  }
}

# Declare the variable
variable "hcloud_token" {
  type        = string
  description = "Hetzner Cloud API token"
  sensitive   = true  # This prevents the token from being displayed in logs
}

provider "hcloud" {
  token = var.hcloud_token
}

# Create a new server running debian
resource "hcloud_server" "webserver" {
  name        = "webserver"
  image       = "ubuntu-24.04"
  server_type = "cpx11" 
  location    = "ash"
  ssh_keys = [ "mysshkey" ]
  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }
}