refactor(provider): switch auth from password to API token

Prefer API token over username/password — scoped to least-privilege TerraformRole, reduces blast radius if credentials leak.
2026-04-10 21:31:58 -05:00
parent ac41e3448e
commit dc4ade7ed1
5 changed files with 64 additions and 12 deletions
--- a/variables.tf
+++ b/variables.tf
@@ -3,13 +3,8 @@ variable "proxmox_endpoint" {
  type        = string
 }

-variable "proxmox_username" {
-  description = "Proxmox user in the form user@realm, e.g. terraform@pve"
-  type        = string
-}
-
-variable "proxmox_password" {
-  description = "Password for the Proxmox user"
+variable "proxmox_api_token" {
+  description = "Proxmox API token in the form user@realm!token-id=secret, e.g. terraform@pve!api-token-name=<SECRET>"
  type        = string
  sensitive   = true
 }