From ab1dd6f769940c02811536518c17b8f94a7edd74 Mon Sep 17 00:00:00 2001
From: Zach Kipp <zach.kipp@coder.com>
Date: Mon, 4 May 2026 13:52:09 -0600
Subject: [PATCH] refactor: use terraform provider methods for user secret env
 var names

---
 provisioner/terraform/provision.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/provisioner/terraform/provision.go b/provisioner/terraform/provision.go
index 3a72e986ca517..01f52cce2cf06 100644
--- a/provisioner/terraform/provision.go
+++ b/provisioner/terraform/provision.go
@@ -2,7 +2,6 @@ package terraform
 
 import (
 	"context"
-	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -419,14 +418,14 @@ func provisionEnv(
 
 	for _, secret := range userSecrets {
 		if secret.EnvName != "" {
-			env = append(env, fmt.Sprintf("CODER_SECRET_ENV_%s=%s", secret.EnvName, string(secret.Value)))
+			env = append(env, provider.SecretEnvEnvironmentVariable(secret.EnvName)+"="+string(secret.Value))
 		}
 		if secret.FilePath != "" {
 			// Environment variables are used to communicate the file path a
 			// secret should be written to. The hex encoding is done because
 			// file paths contain slashes, tildes, and dots that are illegal
 			// in environment variable names.
-			env = append(env, fmt.Sprintf("CODER_SECRET_FILE_%s=%s", hex.EncodeToString([]byte(secret.FilePath)), string(secret.Value)))
+			env = append(env, provider.SecretFileEnvironmentVariable(secret.FilePath)+"="+string(secret.Value))
 		}
 	}