terraform-cloud-mcp

Get account details for a Terraform Cloud API token

This endpoint shows information about the currently authenticated user or service account, useful for verifying identity, retrieving email address, and checking authentication status. It returns the same type of object as the Users API, but also includes an email address, which is hidden when viewing info about other users.

API endpoint: GET /account/details

Returns: Raw API response with account information from Terraform Cloud including user ID, username, email address, and authentication status

See: docs/tools/account.md for reference documentation

List workspaces in an organization.

Retrieves a paginated list of all workspaces in a Terraform Cloud organization. Results can be filtered using a search string to find specific workspaces by name. Use this tool to discover existing workspaces, check workspace configurations, or find specific workspaces by partial name match.

API endpoint: GET /organizations/{organization}/workspaces

Args: organization: The name of the organization to list workspaces from page_number: The page number to return (default: 1) page_size: The number of items per page (default: 20, max: 100) search: Optional search string to filter workspaces by name

Returns: Paginated list of workspaces with their configuration settings and metadata

See: docs/tools/workspace.md for reference documentation

Get details for a specific workspace, identified either by ID or by org name and workspace name.

Retrieves comprehensive information about a workspace including its configuration, VCS settings, execution mode, and other attributes. This is useful for checking workspace settings before operations or determining the current state of a workspace.

The workspace can be identified either by its ID directly, or by the combination of organization name and workspace name.

API endpoint:

• GET /workspaces/{workspace_id} (when using workspace_id)
• GET /organizations/{organization}/workspaces/{workspace_name} (when using org+name)

Args: workspace_id: The ID of the workspace (format: "ws-xxxxxxxx") organization: The name of the organization (required if workspace_id not provided) workspace_name: The name of the workspace (required if workspace_id not provided)

Returns: Comprehensive workspace details including settings, configuration and status

See: docs/tools/workspace.md for reference documentation

Create a new workspace in an organization.

Creates a new Terraform Cloud workspace which serves as an isolated environment for managing infrastructure. Workspaces contain variables, state files, and run histories for a specific infrastructure configuration.

API endpoint: POST /organizations/{organization}/workspaces

Args: organization: The name of the organization name: The name to give the workspace

Returns: The created workspace data including configuration, settings and metadata

See: docs/tools/workspace.md for reference documentation

Update an existing workspace.

Modifies the settings of a Terraform Cloud workspace. This can be used to change attributes like execution mode, VCS repository settings, description, or any other workspace configuration options. Only specified attributes will be updated; unspecified attributes remain unchanged.

API endpoint: PATCH /organizations/{organization}/workspaces/{workspace_name}

Args: organization: The name of the organization that owns the workspace workspace_name: The name of the workspace to update

Returns: The updated workspace with all current settings and configuration

See: docs/tools/workspace.md for reference documentation

Lock a workspace.

Locks a workspace to prevent runs from being queued. This is useful when you want to prevent changes to infrastructure while performing maintenance or making manual adjustments. Locking a workspace does not affect currently running plans or applies.

API endpoint: POST /workspaces/{workspace_id}/actions/lock

Args: workspace_id: The ID of the workspace to lock (format: "ws-xxxxxxxx") reason: Optional reason for locking

Returns: The workspace with updated lock status and related metadata

See: docs/tools/workspace.md for reference documentation

Unlock a workspace.

Removes the lock from a workspace, allowing runs to be queued. This enables normal operation of the workspace after it was previously locked.

API endpoint: POST /workspaces/{workspace_id}/actions/unlock

Args: workspace_id: The ID of the workspace to unlock (format: "ws-xxxxxxxx")

Returns: The workspace with updated lock status and related metadata

See: docs/tools/workspace.md for reference documentation

Force unlock a workspace. This should be used with caution.

Forces a workspace to unlock even when the normal unlock process isn't possible. This is typically needed when a run has orphaned a lock or when the user who locked the workspace is unavailable. This operation requires admin privileges on the workspace.

WARNING: Forcing an unlock can be dangerous if the workspace is legitimately locked for active operations. Only use this when you are certain it's safe to unlock.

API endpoint: POST /workspaces/{workspace_id}/actions/force-unlock

Args: workspace_id: The ID of the workspace to force unlock (format: "ws-xxxxxxxx")

Returns: The workspace with updated lock status and related metadata

See: docs/tools/workspace.md for reference documentation

Create a run in a workspace

Creates a new Terraform run to trigger infrastructure changes through Terraform Cloud, representing a single execution of plan and apply operations. The run queues in the workspace and executes based on the workspace's execution mode and settings. Use this to deploy new infrastructure, apply configuration changes, or destroy resources.

API endpoint: POST /runs

Args: workspace_id: The workspace ID to execute the run in (format: "ws-xxxxxxxx") params: Optional run configuration with: - message: Description of the run's purpose - is_destroy: Whether to destroy all resources managed by the workspace - auto_apply: Whether to auto-apply after a successful plan - refresh: Whether to refresh Terraform state before planning - refresh_only: Only refresh the state without planning changes - plan_only: Create a speculative plan without applying - allow_empty_apply: Allow applying when there are no changes - target_addrs: List of resource addresses to specifically target - replace_addrs: List of resource addresses to force replacement - variables: Run-specific variables that override workspace variables - terraform_version: Specific Terraform version to use for this run - save_plan: Save the plan for later execution - debugging_mode: Enable extended debug logging

Returns: The created run details with ID, status, configuration information, workspace relationship, and links to associated resources

See: docs/tools/run.md for reference documentation

List runs in a workspace with filtering and pagination

Retrieves run history for a specific workspace with options to filter by status, operation type, source, and other criteria. Useful for auditing changes, troubleshooting, or monitoring deployment history.

API endpoint: GET /workspaces/{workspace_id}/runs

Args: workspace_id: The workspace ID to list runs for (format: "ws-xxxxxxxx") page_number: Page number to fetch (default: 1) page_size: Number of results per page (default: 20) filter_operation: Filter by operation type filter_status: Filter by status filter_source: Filter by source filter_status_group: Filter by status group filter_timeframe: Filter by timeframe filter_agent_pool_names: Filter by agent pool names search_user: Search by VCS username search_commit: Search by commit SHA search_basic: Search across run ID, message, commit SHA, and username

Returns: List of runs with metadata, status info, and pagination details

See: docs/tools/run.md for reference documentation

List runs across all workspaces in an organization

Retrieves run history across all workspaces in an organization with powerful filtering. Useful for organization-wide auditing, monitoring deployments across teams, or finding specific runs by commit or author.

API endpoint: GET /organizations/{organization}/runs

Args: organization: The organization name page_number: Page number to fetch (default: 1) page_size: Number of results per page (default: 20) filter_operation: Filter by operation type filter_status: Filter by status filter_source: Filter by source filter_status_group: Filter by status group filter_timeframe: Filter by timeframe filter_agent_pool_names: Filter by agent pool names filter_workspace_names: Filter by workspace names search_user: Search by VCS username search_commit: Search by commit SHA search_basic: Basic search across run attributes

Returns: List of runs across workspaces with metadata and pagination details

See: docs/tools/run.md for reference documentation

Get detailed information about a specific run

Retrieves comprehensive information about a run including its current status, plan output, and relationship to other resources. Use to check run progress or results.

API endpoint: GET /runs/{run_id}

Args: run_id: The ID of the run to retrieve details for (format: "run-xxxxxxxx")

Returns: Complete run details including status, plan, and relationships

See: docs/tools/run.md for reference documentation

Apply a run that is paused waiting for confirmation after a plan

Confirms and executes the apply phase for a run that has completed planning and is waiting for approval. Use this when you've reviewed the plan output and want to apply the proposed changes to your infrastructure.

API endpoint: POST /runs/{run_id}/actions/apply

Args: run_id: The ID of the run to apply (format: "run-xxxxxxxx") comment: An optional comment explaining the reason for applying the run

Returns: Run details with updated status information and confirmation of the apply action including timestamp information and any comment provided

See: docs/tools/run.md for reference documentation

Discard a run that is paused waiting for confirmation

Cancels a run without applying its changes, typically used when the plan shows undesired changes or after reviewing and rejecting a plan. This action removes the run from the queue and unlocks the workspace for new runs.

API endpoint: POST /runs/{run_id}/actions/discard

Args: run_id: The ID of the run to discard (format: "run-xxxxxxxx") comment: An optional explanation for why the run was discarded

Returns: Run status update with discarded state information, timestamp of the discard action, and user information

See: docs/tools/run.md for reference documentation

Cancel a run that is currently planning or applying

Gracefully stops an in-progress run during planning or applying phases. Use this when you need to stop a run that's taking too long, consuming too many resources, or needs to be stopped for any reason. The operation attempts to cleanly terminate the run by sending an interrupt signal.

API endpoint: POST /runs/{run_id}/actions/cancel

Args: run_id: The ID of the run to cancel (format: "run-xxxxxxxx") comment: An optional explanation for why the run was canceled

Returns: Run status update with canceled state, timestamp of cancellation, and any provided comment in the response metadata

See: docs/tools/run.md for reference documentation

Forcefully cancel a run immediately

Immediately terminates a run that hasn't responded to a normal cancel request. Use this as a last resort when a run is stuck and not responding to regular cancellation. This action bypasses the graceful shutdown process and forces the workspace to be unlocked.

API endpoint: POST /runs/{run_id}/actions/force-cancel

Args: run_id: The ID of the run to force cancel (format: "run-xxxxxxxx") comment: An optional explanation for why the run was force canceled

Returns: Run status update confirming forced cancellation with timestamp, user information, and workspace unlock status

See: docs/tools/run.md for reference documentation

Forcefully execute a run by canceling all prior runs

Prioritizes a specific run by canceling other queued runs to unlock the workspace, equivalent to clicking "Run this plan now" in the UI. Use this when a run is stuck in the pending queue but needs immediate execution due to urgency or priority over other queued runs.

API endpoint: POST /runs/{run_id}/actions/force-execute

Args: run_id: The ID of the run to execute (format: "run-xxxxxxxx")

Returns: Status update confirming the run has been promoted to active status, with information about which runs were canceled to allow execution

See: docs/tools/run.md for reference documentation

Get details for a specific organization

Retrieves comprehensive information about an organization including settings, email contact info, and configuration defaults.

API endpoint: GET /organizations/{organization}

Args: organization: The organization name to retrieve details for (required)

Returns: Organization details including name, email, settings and configuration

See: docs/tools/organization.md for reference documentation

Show entitlement set for organization features

Retrieves information about available features and capabilities based on the organization's subscription tier.

API endpoint: GET /organizations/{organization}/entitlement-set

Args: organization: The organization name to retrieve entitlements for (required)

Returns: Entitlement set details including feature limits and subscription information

See: docs/tools/organization.md for reference documentation

List organizations with filtering options

Retrieves a paginated list of organizations the current user has access to, with options to search by name or email address.

API endpoint: GET /organizations

Args: page_number: Page number to fetch (default: 1) page_size: Number of results per page (default: 20) q: Search query to filter by name and email query_email: Search query to filter by email only query_name: Search query to filter by name only

Returns: List of organizations with metadata and pagination information

See: docs/tools/organization.md for reference documentation

Create a new organization in Terraform Cloud

Creates a new organization with the given name and email, allowing workspaces and teams to be created within it. This is the first step in setting up a new environment in Terraform Cloud.

API endpoint: POST /organizations

Args: name: The name of the organization (required) email: Admin email address (required) params: Additional organization settings: - collaborator_auth_policy: Authentication policy (password or two_factor_mandatory) - session_timeout: Session timeout after inactivity in minutes - session_remember: Session total expiration time in minutes - cost_estimation_enabled: Whether to enable cost estimation for workspaces - default_execution_mode: Default workspace execution mode (remote, local, agent) - aggregated_commit_status_enabled: Whether to aggregate VCS status updates - speculative_plan_management_enabled: Whether to auto-cancel unused speculative plans - assessments_enforced: Whether to enforce health assessments for all workspaces - allow_force_delete_workspaces: Whether to allow deleting workspaces with resources - default_agent_pool_id: Default agent pool ID (required when using agent mode)

Returns: The created organization details including ID and created timestamp

See: docs/tools/organization.md for reference documentation

Update an existing organization in Terraform Cloud

Modifies organization settings such as email contact, authentication policy, or other configuration options. Only specified attributes will be updated.

API endpoint: PATCH /organizations/{organization}

Args: organization: The name of the organization to update (required) params: Organization parameters to update: - email: Admin email address for the organization - collaborator_auth_policy: Authentication policy (password or two_factor_mandatory) - session_timeout: Session timeout after inactivity in minutes - session_remember: Session total expiration time in minutes - cost_estimation_enabled: Whether to enable cost estimation for workspaces - default_execution_mode: Default workspace execution mode (remote, local, agent) - aggregated_commit_status_enabled: Whether to aggregate VCS status updates - speculative_plan_management_enabled: Whether to auto-cancel unused speculative plans - assessments_enforced: Whether to enforce health assessments for all workspaces - allow_force_delete_workspaces: Whether to allow deleting workspaces with resources

Returns: The updated organization with all current settings

See: docs/tools/organization.md for reference documentation

Get details for a specific plan.

Retrieves comprehensive information about a plan including its current status, logs, resource counts, and relationship to other resources.

API endpoint: GET /plans/{plan_id}

Args: plan_id: The ID of the plan to retrieve details for (format: "plan-xxxxxxxx")

Returns: Plan details including status, timestamps, and resource change counts

See: docs/tools/plan.md for reference documentation

Retrieve the JSON execution plan.

Gets the JSON representation of a plan's execution details, providing a machine-readable format of the planned resource changes.

API endpoint: GET /plans/{plan_id}/json-output

Args: plan_id: The ID of the plan to retrieve JSON output for (format: "plan-xxxxxxxx")

Returns: The complete JSON formatted plan with resource changes, metadata, and planned actions. The redirect is automatically followed.

See: docs/tools/plan.md for reference documentation

Retrieve the JSON execution plan from a run.

Gets the JSON representation of a run's current plan execution details, providing a machine-readable format of the planned resource changes.

API endpoint: GET /runs/{run_id}/plan/json-output

Args: run_id: The ID of the run to retrieve plan JSON output for (format: "run-xxxxxxxx")

Returns: The complete JSON formatted plan with resource changes, metadata, and planned actions. The redirect is automatically followed.

See: docs/tools/plan.md for reference documentation

Retrieve logs from a plan.

Gets the raw log output from a Terraform Cloud plan operation, providing detailed information about the execution plan.

API endpoint: Uses the log-read-url from GET /plans/{plan_id}

Args: plan_id: The ID of the plan to retrieve logs for (format: "plan-xxxxxxxx")

Returns: The raw logs from the plan operation. The redirect to the log file is automatically followed.

See: docs/tools/plan.md for reference documentation

Get details for a specific apply.

Retrieves comprehensive information about an apply including its current status, logs, resource counts, and relationship to other resources.

API endpoint: GET /applies/{apply_id}

Args: apply_id: The ID of the apply to retrieve details for (format: "apply-xxxxxxxx")

Returns: Apply details including status, timestamps, and resource change counts

See: docs/tools/apply.md for reference documentation

Retrieve the errored state from a failed apply.

Gets information about a state file that failed to upload during an apply, providing access to the state data for recovery purposes.

API endpoint: GET /applies/{apply_id}/errored-state

Args: apply_id: The ID of the apply with a failed state upload (format: "apply-xxxxxxxx")

Returns: Information about the errored state including access details. The redirect to the state file is automatically followed.

See: docs/tools/apply.md for reference documentation

Retrieve logs from an apply.

Gets the raw log output from a Terraform Cloud apply operation, providing detailed information about resource changes and any errors.

API endpoint: Uses the log-read-url from GET /applies/{apply_id}

Args: apply_id: The ID of the apply to retrieve logs for (format: "apply-xxxxxxxx")

Returns: The raw logs from the apply operation. The redirect to the log file is automatically followed.

See: docs/tools/apply.md for reference documentation

Create a new project in an organization.

Creates a new Terraform Cloud project which serves as a container for workspaces. Projects help organize workspaces into logical groups and can have their own settings and permissions.

API endpoint: POST /organizations/{organization}/projects

Args: organization: The name of the organization name: The name to give the project params: Additional project parameters (optional): - description: Human-readable description of the project - auto_destroy_activity_duration: How long each workspace should wait before auto-destroying (e.g., '14d', '24h') - tag_bindings: List of tag key-value pairs to bind to the project

Returns: The created project data including configuration, settings and metadata

See: docs/tools/project.md for reference documentation

Update an existing project.

Modifies the settings of a Terraform Cloud project. This can be used to change attributes like name, description, auto-destroy duration, or tags. Only specified attributes will be updated; unspecified attributes remain unchanged.

API endpoint: PATCH /projects/{project_id}

Args: project_id: The ID of the project to update (format: "prj-xxxxxxxx") params: Project parameters to update (optional): - name: New name for the project - description: Human-readable description of the project - auto_destroy_activity_duration: How long each workspace should wait before auto-destroying (e.g., '14d', '24h') - tag_bindings: List of tag key-value pairs to bind to the project

Returns: The updated project with all current settings and configuration

See: docs/tools/project.md for reference documentation

List projects in an organization.

Retrieves a paginated list of all projects in a Terraform Cloud organization. Results can be filtered using a search string or permissions filters to find specific projects.

API endpoint: GET /organizations/{organization}/projects

Args: organization: The name of the organization to list projects from page_number: The page number to return (default: 1) page_size: The number of items per page (default: 20, max: 100) q: Optional search query to filter projects by name filter_names: Filter projects by name (comma-separated list) filter_permissions_update: Filter projects that the user can update filter_permissions_create_workspace: Filter projects that the user can create workspaces in sort: Sort projects by name ('name' or '-name' for descending)

Returns: Paginated list of projects with their configuration settings and metadata

See: docs/tools/project.md for reference documentation

Get details for a specific project.

Retrieves comprehensive information about a project including its configuration, tag bindings, workspace count, and other attributes.

API endpoint: GET /projects/{project_id}

Args: project_id: The ID of the project (format: "prj-xxxxxxxx")

Returns: Project details including settings, configuration and status

See: docs/tools/project.md for reference documentation

List tag bindings for a project.

Retrieves the list of tags bound to a specific project. These tags are inherited by all workspaces within the project.

API endpoint: GET /projects/{project_id}/tag-bindings

Args: project_id: The ID of the project (format: "prj-xxxxxxxx")

Returns: List of tag bindings with their key-value pairs and creation timestamps

See: docs/tools/project.md for reference documentation

Add or update tag bindings on a project.

Adds new tag bindings or updates existing ones on a project. This is an additive operation that doesn't remove existing tags.

API endpoint: PATCH /projects/{project_id}/tag-bindings

Args: project_id: The ID of the project (format: "prj-xxxxxxxx") tag_bindings: List of TagBinding objects with key-value pairs to add or update

Returns: The complete list of updated tag bindings for the project

See: docs/tools/project.md for reference documentation

Move workspaces into a project.

Moves one or more workspaces into a project. The user must have permission to move workspaces on both source and destination projects.

API endpoint: POST /projects/{project_id}/relationships/workspaces

Args: project_id: The ID of the destination project (format: "prj-xxxxxxxx") workspace_ids: List of workspace IDs to move (format: ["ws-xxxxxxxx", ...])

Returns: Empty response with HTTP 204 status code if successful

See: docs/tools/project.md for reference documentation

Get details for a specific cost estimate.

Retrieves comprehensive information about a cost estimate including its current status, resource counts, monthly cost estimations, and relationship to other resources.

API endpoint: GET /cost-estimates/{cost_estimate_id}

Args: cost_estimate_id: The ID of the cost estimate to retrieve details for (format: "ce-xxxxxxxx")

Returns: Cost estimate details including status, timestamps, resource counts, and monthly cost estimations

Note: There is no endpoint to list cost estimates. You can find the ID for a cost estimate in the relationships.cost-estimate property of a run object.

See: docs/tools/cost_estimate.md for reference documentation

Get details for a specific assessment result.

Retrieves comprehensive information about an assessment result including its current status, whether drift was detected, and links to related resources like JSON output and logs.

API endpoint: GET /api/v2/assessment-results/{assessment_result_id}

Args: assessment_result_id: The ID of the assessment result to retrieve details for (format: "asmtres-xxxxxxxx")

Returns: Assessment result details including status, timestamps, and drift detection information

See: docs/tools/assessment_results.md for reference documentation

Retrieve the JSON execution plan from an assessment result.

Gets the JSON representation of the plan execution details from an assessment, providing a machine-readable format of the planned resource changes.

API endpoint: GET /api/v2/assessment-results/{assessment_result_id}/json-output

Args: assessment_result_id: The ID of the assessment result to retrieve JSON output for (format: "asmtres-xxxxxxxx")

Returns: The complete JSON formatted plan with resource changes, metadata, and planned actions. The redirect is automatically followed.

Note: This endpoint requires admin level access to the workspace and cannot be accessed with organization tokens.

See: docs/tools/assessment_results.md for reference documentation

Retrieve the JSON schema file from an assessment result.

Gets the JSON schema representation of the provider schema used during the assessment, providing information about available resources and their configuration options.

API endpoint: GET /api/v2/assessment-results/{assessment_result_id}/json-schema

Args: assessment_result_id: The ID of the assessment result to retrieve schema for (format: "asmtres-xxxxxxxx")

Returns: The JSON schema file containing provider information. The redirect is automatically followed.

Note: This endpoint requires admin level access to the workspace and cannot be accessed with organization tokens.

See: docs/tools/assessment_results.md for reference documentation

Retrieve logs from an assessment result.

Gets the raw log output from a Terraform Cloud assessment operation, providing detailed information about the execution and any errors.

API endpoint: GET /api/v2/assessment-results/{assessment_result_id}/log-output

Args: assessment_result_id: The ID of the assessment result to retrieve logs for (format: "asmtres-xxxxxxxx")

Returns: The raw logs from the assessment operation. The redirect to the log file is automatically followed.

Note: This endpoint requires admin level access to the workspace and cannot be accessed with organization tokens.

See: docs/tools/assessment_results.md for reference documentation

List state versions in a workspace.

Retrieves a paginated list of all state versions in a Terraform Cloud workspace. Results can be filtered using status to find specific state versions.

API endpoint: GET /state-versions

Args: organization: The name of the organization that owns the workspace workspace_name: The name of the workspace to list state versions from page_number: The page number to return (default: 1) page_size: The number of items per page (default: 20, max: 100) filter_status: Filter state versions by status: 'pending', 'finalized', or 'discarded'

Returns: Paginated list of state versions with their configuration settings and metadata

See: docs/tools/state_versions.md for reference documentation

Get the current state version for a workspace.

Retrieves the current state version for a workspace, which is the input state when running terraform operations.

API endpoint: GET /workspaces//current-state-version

Args: workspace_id: The ID of the workspace (format: "ws-xxxxxxxx")

Returns: The current state version including details and download URLs

See: docs/tools/state_versions.md for reference documentation

Get details for a specific state version.

Retrieves comprehensive information about a state version including its status, download URLs, and resource information.

API endpoint: GET /state-versions/

Args: state_version_id: The ID of the state version to retrieve (format: "sv-xxxxxxxx")

Returns: State version details including status, timestamps, and resource metadata

See: docs/tools/state_versions.md for reference documentation

Create a state version in a workspace.

Creates a new state version and sets it as the current state version for the given workspace. The workspace must be locked by the user creating a state version. This is most useful for migrating existing state from Terraform Community edition into a new HCP Terraform workspace.

API endpoint: POST /workspaces//state-versions

Args: workspace_id: The ID of the workspace (format: "ws-xxxxxxxx") serial: The serial number of this state instance md5: An MD5 hash of the raw state version params: Additional state version parameters (optional): - state: Base64 encoded raw state file - lineage: Lineage of the state version - json_state: Base64 encoded JSON state - json_state_outputs: Base64 encoded JSON state outputs - run_id: The ID of the run to associate with the state version

Returns: The created state version data including download URLs and status information

See: docs/tools/state_versions.md for reference documentation

Download the state file content.

Retrieves the raw state file or JSON formatted state file for a specific state version.

API endpoint: Uses the hosted URLs from GET /state-versions/

Args: state_version_id: The ID of the state version (format: "sv-xxxxxxxx") json_format: Whether to download the JSON formatted state (default: False)

Returns: The raw state file content or JSON formatted state content

See: docs/tools/state_versions.md for reference documentation

List outputs for a state version.

Retrieves a paginated list of all outputs for a specific state version. These outputs include name, value, and sensitivity information.

API endpoint: GET /state-versions//outputs

Args: state_version_id: The ID of the state version (format: "sv-xxxxxxxx") page_number: The page number to return (default: 1) page_size: The number of items per page (default: 20, max: 100)

Returns: Paginated list of state version outputs with name, value, and sensitivity information

See: docs/tools/state_version_outputs.md for reference documentation

Get details for a specific state version output.

Retrieves comprehensive information about a state version output including its name, value, type, and sensitivity information.

API endpoint: GET /state-version-outputs/

Args: state_version_output_id: The ID of the state version output (format: "wsout-xxxxxxxx")

Returns: State version output details including name, value, type, and sensitivity information

See: docs/tools/state_version_outputs.md for reference documentation

List all variables for a workspace.

Retrieves all variables (both Terraform and environment) configured for a specific workspace.

API endpoint: GET /workspaces/{workspace_id}/vars

Args: workspace_id: The ID of the workspace (format: "ws-xxxxxxxx")

Returns: List of workspace variables with their configuration and values

See: docs/tools/variables.md#list-workspace-variables for reference documentation

Create a new variable in a workspace.

Creates a new Terraform or environment variable within a workspace. Variables can be marked as sensitive to hide their values.

API endpoint: POST /workspaces/{workspace_id}/vars

Args: workspace_id: The ID of the workspace (format: "ws-xxxxxxxx") key: The variable name/key category: Variable category ("terraform" or "env")

Returns: The created variable with its configuration and metadata

See: docs/tools/variables.md#create-workspace-variable for reference documentation

Update an existing workspace variable.

Modifies the configuration of an existing workspace variable. Only specified attributes will be updated; unspecified attributes remain unchanged.

API endpoint: PATCH /workspaces/{workspace_id}/vars/{variable_id}

Args: workspace_id: The ID of the workspace (format: "ws-xxxxxxxx") variable_id: The ID of the variable (format: "var-xxxxxxxx")

Returns: The updated variable with all current settings and configuration

See: docs/tools/variables.md#update-workspace-variable for reference documentation

List variable sets in an organization.

Retrieves a paginated list of all variable sets in a Terraform Cloud organization. Variable sets allow you to reuse variables across multiple workspaces.

API endpoint: GET /organizations/{organization}/varsets

Args: organization: The name of the organization page_number: The page number to return (default: 1) page_size: The number of items per page (default: 20, max: 100)

Returns: Paginated list of variable sets with their configuration and metadata

See: docs/tools/variables.md#list-variable-sets for reference documentation

Get details for a specific variable set.

Retrieves comprehensive information about a variable set including its variables, workspace assignments, and configuration.

API endpoint: GET /varsets/{varset_id}

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx")

Returns: Variable set details including configuration and relationships

See: docs/tools/variables.md#get-variable-set for reference documentation

Create a new variable set in an organization.

Creates a new variable set which can be used to manage variables across multiple workspaces and projects.

API endpoint: POST /organizations/{organization}/varsets

Args: organization: The name of the organization name: The name to give the variable set

Returns: The created variable set with its configuration and metadata

See: docs/tools/variables.md#create-variable-set for reference documentation

Update an existing variable set.

Modifies the settings of a variable set. Only specified attributes will be updated; unspecified attributes remain unchanged.

API endpoint: PATCH /varsets/{varset_id}

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx")

Returns: The updated variable set with all current settings and configuration

See: docs/tools/variables.md#update-variable-set for reference documentation

Assign a variable set to one or more workspaces.

Makes the variables in a variable set available to the specified workspaces. Variables from variable sets take precedence over workspace variables if the variable set has priority enabled.

API endpoint: POST /varsets/{varset_id}/relationships/workspaces

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx") workspace_ids: List of workspace IDs (format: ["ws-xxxxxxxx", ...])

Returns: Empty response with HTTP 204 status code if successful

See: docs/tools/variables.md#assign-variable-set-to-workspaces for reference documentation

Remove a variable set from one or more workspaces.

Removes the variable set assignment from the specified workspaces. The variables will no longer be available in those workspaces.

API endpoint: DELETE /varsets/{varset_id}/relationships/workspaces

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx") workspace_ids: List of workspace IDs (format: ["ws-xxxxxxxx", ...])

Returns: Empty response with HTTP 204 status code if successful

See: docs/tools/variables.md#unassign-variable-set-from-workspaces for reference documentation

Assign a variable set to one or more projects.

Makes the variables in a variable set available to all workspaces within the specified projects.

API endpoint: POST /varsets/{varset_id}/relationships/projects

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx") project_ids: List of project IDs (format: ["prj-xxxxxxxx", ...])

Returns: Empty response with HTTP 204 status code if successful

See: docs/tools/variables.md#assign-variable-set-to-projects for reference documentation

Remove a variable set from one or more projects.

Removes the variable set assignment from the specified projects. The variables will no longer be available in workspaces within those projects.

API endpoint: DELETE /varsets/{varset_id}/relationships/projects

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx") project_ids: List of project IDs (format: ["prj-xxxxxxxx", ...])

Returns: Empty response with HTTP 204 status code if successful

See: docs/tools/variables.md#unassign-variable-set-from-projects for reference documentation

List all variables in a variable set.

Retrieves all variables that belong to a specific variable set, including their configuration and values.

API endpoint: GET /varsets/{varset_id}/relationships/vars

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx")

Returns: List of variables in the variable set with their configuration

See: docs/tools/variables.md#list-variables-in-variable-set for reference documentation

Create a new variable in a variable set.

Creates a new Terraform or environment variable within a variable set. Variables can be marked as sensitive to hide their values.

API endpoint: POST /varsets/{varset_id}/relationships/vars

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx") key: The variable name/key category: Variable category ("terraform" or "env")

Returns: The created variable with its configuration and metadata

See: docs/tools/variables.md#create-variable-in-variable-set for reference documentation

Update an existing variable in a variable set.

Modifies the configuration of an existing variable within a variable set. Only specified attributes will be updated; unspecified attributes remain unchanged.

API endpoint: PATCH /varsets/{varset_id}/relationships/vars/{var_id}

Args: varset_id: The ID of the variable set (format: "varset-xxxxxxxx") var_id: The ID of the variable (format: "var-xxxxxxxx")

Returns: The updated variable with all current settings and configuration

See: docs/tools/variables.md#update-variable-in-variable-set for reference documentation