steampipe plugin install tfe

Table: tfe_workspace - Query Terraform Enterprise Workspaces using SQL

Terraform Enterprise is a collaborative, scalable, and enterprise-friendly service provided by HashiCorp that enables teams to use Terraform together. It's designed to suit the collaboration and governance needs of large teams and organizations. Workspaces in Terraform Enterprise are used to manage and track infrastructure deployments.

Table Usage Guide

The tfe_workspace table provides insights into Workspaces within Terraform Enterprise. As a DevOps engineer or a system administrator, explore workspace-specific details through this table, including its ID, name, organization, and other associated metadata. Utilize it to uncover information about workspaces, such as those related to specific organizations, the status of the workspace, and the verification of associated metadata.


List workspaces

Explore all the workspaces available in your Terraform Enterprise setup to better manage and organize your infrastructure as code projects. This is useful for gaining a holistic view of your current workspaces, identifying potential areas for consolidation or reorganization.


Get a workspace by ID

Explore the details of a specific workspace in your infrastructure by using its unique identifier. This can help you understand the workspace's current state and configuration, which is useful for troubleshooting or auditing purposes.

id = 'ws-ocYGM1ouZNZWZoUy';
id = 'ws-ocYGM1ouZNZWZoUy';

Get VCS repository settings for workspaces

Explore the configuration of your Version Control System (VCS) repositories linked to your workspaces. This can aid in understanding the specific settings for each repository, such as the associated OAuth token, branch details, and service providers.

vcs_repo ->> 'Identifier' as vcs_repo_identifier,
vcs_repo ->> 'OAuthTokenID' as vcs_repo_oauth_token_id,
vcs_repo ->> 'Branch' as vcs_repo_branch,
vcs_repo ->> 'DisplayIdentifier' as vcs_repo_display_identifier,
vcs_repo ->> 'IngressSubmodules' as vcs_repo_ingress_submodules,
vcs_repo ->> 'RepositoryHTTPURL' as vcs_repo_repository_http_url,
vcs_repo ->> 'ServiceProvider' as vcs_repo_service_provider
json_extract(vcs_repo, '$.Identifier') as vcs_repo_identifier,
json_extract(vcs_repo, '$.OAuthTokenID') as vcs_repo_oauth_token_id,
json_extract(vcs_repo, '$.Branch') as vcs_repo_branch,
json_extract(vcs_repo, '$.DisplayIdentifier') as vcs_repo_display_identifier,
json_extract(vcs_repo, '$.IngressSubmodules') as vcs_repo_ingress_submodules,
json_extract(vcs_repo, '$.RepositoryHTTPURL') as vcs_repo_repository_http_url,
json_extract(vcs_repo, '$.ServiceProvider') as vcs_repo_service_provider

Schema for tfe_workspace

_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
agent_pool_idtextThe ID of the agent pool belonging to the workspace's organization.
allow_destroy_planbooleanWhether destroy plans can be queued on the workspace.
apply_duration_averagetextThis is the average time runs spend in the apply phase, represented in milliseconds.
can_queue_destroy_planbooleanTrue if the destroy plan can be queued.
created_attimestamp with time zoneTime when the workspace was created.
descriptiontextA description for the workspace.
environmenttextEnvironment for the workspace runs.
execution_modetextWhich execution mode to use. Valid values are remote, local, and agent. When set to local, the workspace will be used for state storage only.
file_triggers_enabledbooleanWhether to filter runs based on the changed files in a VCS push. If enabled, the working-directory and trigger-prefixes describe a set of paths which must contain changes for a VCS push to trigger a run. If disabled, any push will trigger a run.
global_remote_statebooleanWhether the workspace should allow all workspaces in the organization to access its state data during runs. If false, then only specifically approved workspaces can access its state.
idtext=ID of the workspace.
lockedbooleanTrue if the workspace is locked.
nametextName of the workspace.
organization_nametextName of the organization containing the workspace.
plan_duration_averagetextThis is the average time runs spend in the plan phase, represented in milliseconds.
policy_check_failuresbigintReports the number of run failures resulting from a policy check failure.
project_idtextThe workspace's project ID.
queue_all_runsbooleanWhether runs should be queued immediately after workspace creation. When set to false, runs triggered by a VCS change will not be queued until at least one run is manually queued.
resource_countbigintNumber of resources in the workspace.
run_failuresbigintReports the number of failed runs.
source_nametextA friendly name for the application or client creating this workspace.
source_urltextA URL for the application or client creating this workspace. This can be the URL of a related resource in another app, or a link to documentation or other info about the client.
speculative_enabledbooleanWhether this workspace allows automatic speculative plans. Setting this to false prevents Terraform Cloud from running plans on pull requests, which can improve security if the VCS repository is public or includes untrusted contributors.
ssh_keyjsonbSSH key assigned to the workspace.
terraform_versiontextThe version of Terraform to use for this workspace. Upon creating a workspace, the latest version is selected unless otherwise specified (e.g. 0.11.1).
trigger_prefixesjsonbList of repository-root-relative paths which should be tracked for changes, in addition to the working directory.
updated_attimestamp with time zoneWhen the workspace was last updated.
vcs_repojsonbSettings for the workspace's VCS repository. If omitted, the workspace is created without a VCS repo.
working_directorytextA relative path that Terraform will execute within. This defaults to the root of your repository and is typically set to a subdirectory matching the environment when multiple environments exist within the same repository.


This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the script:

/bin/sh -c "$(curl -fsSL" -- tfe

You can pass the configuration to the command with the --config argument:

steampipe_export_tfe --config '<your_config>' tfe_workspace