Terraform Variable Inspector - Analyze Vars

Terraform HCL Code

Enter your Terraform HCL code to inspect variable definitions, types, defaults, and common issues

Variables

Issues

What is the Terraform Variable Inspector?

The Terraform Variable Inspector is a client-side tool that parses your Terraform HCL code and analyzes all variable definitions. For each variable, it reports the name, type constraint, default value, description, sensitive flag, and validation rules. It also detects common configuration issues to help you write cleaner, more maintainable Terraform modules.

How to Use

Paste your Terraform HCL configuration into the input field
Click "Inspect" or wait for automatic processing
Review the Variables section showing each variable's attributes
Check the Issues section for recommendations on improving your variable definitions
Use the summary to get a quick overview of variable quality

Example: Variable Definitions with Issues

This configuration demonstrates variables with various quality issues that the inspector will detect:

variable "region" {
  # Missing type and description
  default = "us-east-1"
}

variable "api_key" {
  type        = string
  description = "API key for external service"
  # Missing sensitive = true for a secret
}

variable "config" {
  type        = any
  description = "Generic configuration"
  # Overly permissive type
}

variable "instance_type" {
  type        = string
  default     = "t3.micro"
  description = "EC2 instance type"

  validation {
    condition     = contains(["t3.micro", "t3.small", "t3.medium"], var.instance_type)
    error_message = "Must be a valid t3 instance type."
  }
}

What Issues Are Detected?

Missing type constraint — Variables without an explicit type accept any value, reducing early error detection
Missing description — Variables without documentation are harder for team members to understand
Overly permissive type (any) — Using type = any disables type checking entirely
Sensitive data without sensitive flag — Variables with names suggesting secrets (password, token, key) that lack sensitive = true

Use Cases

Audit Terraform modules for variable documentation completeness
Review variable definitions during code review to catch missing types or descriptions
Identify sensitive variables that should be protected from log exposure
Validate that variables have appropriate type constraints before publishing a module
Quickly understand the input interface of an unfamiliar Terraform module

Best Practices for Terraform Variables

Well-defined variables make Terraform modules easier to use and maintain. Always include a type constraint to catch invalid values early. Add descriptions to document the purpose and expected format. Use sensitive = true for any variable that holds credentials, tokens, or private keys. Add validation blocks when the allowed values are constrained (e.g., specific instance types or CIDR ranges).

Privacy and Security

All parsing and analysis happens entirely in your browser using JavaScript. Your Terraform code — which may contain variable names, default values, and infrastructure details — is never transmitted to any server. No data is stored, logged, or shared.

Frequently Asked Questions

What does the Terraform Variable Inspector check?

The inspector analyzes each variable block in your Terraform HCL code, reporting the name, type constraint, default value, description, sensitive flag, and any validation rules. It also detects common issues like missing types, missing descriptions, overly permissive 'any' types, and variables that likely hold secrets but lack the sensitive flag.

Why should I add type constraints to variables?

Type constraints (e.g., type = string, type = number, type = list(string)) allow Terraform to validate input values before applying changes. Without a type, any value is accepted, which can lead to confusing runtime errors. Explicit types catch mistakes early during terraform plan.

What does the sensitive flag do in Terraform?

When sensitive = true is set on a variable, Terraform redacts its value from CLI output, plan output, and logs. This prevents accidental exposure of passwords, tokens, and API keys. The inspector warns when a variable name suggests it contains secrets but lacks this flag.

Is my Terraform code sent to any server?

No. All parsing and analysis happens entirely in your browser using JavaScript. Your Terraform code — which may contain variable names, default values, and infrastructure details — never leaves your device. No data is stored, logged, or transmitted.

What Terraform variable attributes are detected?

The inspector recognizes all standard variable attributes: type (type constraint), default (default value), description (documentation string), sensitive (redaction flag), and validation blocks (with condition and error_message). Nullable and ephemeral attributes are also parsed if present.

Why does the inspector warn about type 'any'?

Using type = any disables Terraform's type checking for that variable. While occasionally necessary for generic modules, it prevents early error detection and makes code harder to understand. The inspector flags it as a warning so you can evaluate whether a more specific type would be appropriate.

Can I inspect variables from multiple .tf files?

The inspector processes one input at a time. For multi-file configurations, paste the contents of each file separately or concatenate them. The HCL parser handles multiple variable blocks in a single input without issues.

What is the maximum input size supported?

The inspector accepts Terraform files up to 2MB. Files between 200KB and 2MB will show a warning that processing may be slow. For typical Terraform configurations under 200KB, analysis is instant.