diff --git a/docs/index.md b/docs/index.md index b2163e31..9c2535df 100644 --- a/docs/index.md +++ b/docs/index.md @@ -37,7 +37,6 @@ Development happens in the [GitHub repo](https://github.com/heroku/terraform-pro ```hcl-terraform # Configure the Heroku provider provider "heroku" { - email = "ops@company.com" api_key = var.heroku_api_key } @@ -57,31 +56,44 @@ precedence, and explained below: * Environment variables * Netrc +### Generating tokens + +All authentication tokens must be generated with one of these methods: + +* [Heroku Dashboard](https://dashboard.heroku.com) → Account Settings → Applications → [Authorizations](https://dashboard.heroku.com/account/applications) +* `heroku auth` command of the [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli) +* [Heroku Platform APIs: OAuth](https://devcenter.heroku.com/articles/platform-api-reference#oauth-authorization) + +⛔️ Direct username-password authentication is [no longer supported by Heroku API](https://devcenter.heroku.com/changelog-items/2516). + ### Static credentials -Credentials can be provided statically by adding `email` and `api_key` arguments +Credentials can be provided statically by adding `api_key` property to the Heroku provider block: ```hcl-terraform +variable "heroku_api_key" { + type = string + sensitive = true +} + provider "heroku" { - email = "ops@company.com" api_key = var.heroku_api_key } ``` ### Environment variables -When the Heroku provider block does not contain an `email` or `api_key` -argument, the missing credentials will be sourced from the environment via the -`HEROKU_EMAIL` and `HEROKU_API_KEY` environment variables respectively: +When the Heroku provider block does not contain an `api_key` +argument, the missing credentials will be sourced from the environment via the +`HEROKU_API_KEY` environment variable: ```hcl-terraform provider "heroku" {} ``` ```shell -$ export HEROKU_EMAIL="ops@company.com" -$ export HEROKU_API_KEY="heroku_api_key" +$ export HEROKU_API_KEY="<heroku_auth_token>" $ terraform plan Refreshing Terraform state in-memory prior to plan... ``` @@ -99,8 +111,8 @@ provider "heroku" {} $ cat ~/.netrc ... machine api.heroku.com - login <your_heroku_email> - password <your_heroku_api_key> + login <ignored, can be any value> + password <heroku_auth_token> ... ``` @@ -113,8 +125,9 @@ The following arguments are supported: * `api_key` - (Required) Heroku API token. It must be provided, but it can also be sourced from [other locations](#Authentication). -* `email` - (Required) Email to be notified by Heroku. It must be provided, but - it can also be sourced from [other locations](#Authentication). +* `email` - (Ignored) This field originally supported username-password authentication, + but has since [been deprecated](https://devcenter.heroku.com/changelog-items/2516). + Instead, simply set an auth token in the `api_key` property. * `headers` - (Optional) Additional Headers to be sent to Heroku, as a string-encoded JSON object, for example: `{"X-Custom-Header":"yes","X-Custom-Header-Too":"no"}`. If not provided, it will be @@ -147,4 +160,4 @@ The following arguments are supported: and it supports the following arguments: * `addon_create_timeout` - (Optional) The number of minutes for the provider to wait for an addon to be - created/provisioned. Defaults to 20 minutes. Minimum required value is 10 minutes. \ No newline at end of file + created/provisioned. Defaults to 20 minutes. Minimum required value is 10 minutes.