2025-11-19 ~22:00 UTC
- Workspace:
test-cloudflare - Domain:
test-cloudflare-testing.ernjv.me - Status: Active (not destroyed for testing purposes)
terraform plan -destroy \
-var="environment_name=test-cloudflare" \
# Only infrastructure secrets, NO Strapi secretsvar.strapi_encryption_key
Strapi ENCRYPTION_KEY for API token encryption (base64-encoded, 32 bytes)
Enter a value:
╷
│ Error: No value for required variable
│
│ on variables.tf line 242:
│ 242: variable "strapi_encryption_key" {
│
│ The root module input variable "strapi_encryption_key" is not set, and has
│ no default value. Use a -var or -var-file command line argument to provide
│ a value for this variable.
╵
This confirms the original issue: Terraform requires ALL variables to validate configuration, even for destroy operations.
terraform plan -destroy \
-var="environment_name=test-cloudflare" \
-var="strapi_app_keys=dummykey1,dummykey2,dummykey3,dummykey4" \
-var="strapi_jwt_secret=dummyjwtsecret123" \
-var="strapi_admin_jwt_secret=dummyadminjwt123" \
-var="strapi_api_token_salt=dummyapisalt123" \
-var="strapi_transfer_token_salt=dummytransfersalt123" \
-var="strapi_encryption_key=dummyencryptionkey123456789012345"Plan: 0 to add, 0 to change, 3 to destroy.
Resources to be destroyed:
cloudflare_record.app(DNS record)digitalocean_app.strapi(App Platform instance)digitalocean_database_db.app(PostgreSQL database)
✅ Issue #12 is RESOLVED
The workflows now correctly include all Strapi secrets:
# Strapi secrets (required for Terraform to validate config during destroy)
TF_VAR_strapi_app_keys: ${{ secrets.STRAPI_APP_KEYS }}
TF_VAR_strapi_jwt_secret: ${{ secrets.STRAPI_JWT_SECRET }}
TF_VAR_strapi_admin_jwt_secret: ${{ secrets.STRAPI_ADMIN_JWT_SECRET }}
TF_VAR_strapi_api_token_salt: ${{ secrets.STRAPI_API_TOKEN_SALT }}
TF_VAR_strapi_transfer_token_salt: ${{ secrets.STRAPI_TRANSFER_TOKEN_SALT }}
TF_VAR_strapi_encryption_key: ${{ secrets.STRAPI_ENCRYPTION_KEY }}# Strapi secrets (required for Terraform to validate config during destroy)
TF_VAR_strapi_app_keys: ${{ secrets.STRAPI_APP_KEYS }}
TF_VAR_strapi_jwt_secret: ${{ secrets.STRAPI_JWT_SECRET }}
TF_VAR_strapi_admin_jwt_secret: ${{ secrets.STRAPI_ADMIN_JWT_SECRET }}
TF_VAR_strapi_api_token_salt: ${{ secrets.STRAPI_API_TOKEN_SALT }}
TF_VAR_strapi_transfer_token_salt: ${{ secrets.STRAPI_TRANSFER_TOKEN_SALT }}
TF_VAR_strapi_encryption_key: ${{ secrets.STRAPI_ENCRYPTION_KEY }}The original comment in the workflows stating:
"Note: Strapi secrets are NOT needed for destroy"
Was incorrect. Terraform always requires all variables to be set during configuration validation, regardless of whether you're creating or destroying resources.
This has been corrected with the proper comment:
"Strapi secrets (required for Terraform to validate config during destroy)"
- 2025-11-19 03:34 - PR #28 cleanup workflow failed (missing Strapi secrets)
- 2025-11-19 03:39 - Issue #12 created documenting the problem
- 2025-11-19 ~21:15 - PR #13 merged adding Strapi secrets to both destroy workflows
- 2025-11-19 ~22:00 - Validated fix with live environment (this test)
The test-cloudflare environment remains active for additional testing. This validation was performed using terraform plan -destroy which simulates the destroy operation without actually removing resources.