diff --git a/variables.tf b/variables.tf
index e69de29..fc2ba41 100644
--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,72 @@
+# =============================================================================
+# VAULT CONFIGURATION
+# =============================================================================
+variable "vault_url" {
+  description = "URL du serveur Vault"
+  type        = string
+  default     = "https://vault.tips-of-mine.com"
+}
+
+variable "vault_token" {
+  description = "Token d'authentification Vault (fourni par CI/CD)"
+  type        = string
+  sensitive   = true
+}
+
+variable "vault_cloudflare_path" {
+  description = "Chemin vers les secrets Cloudflare dans Vault"
+  type        = string
+  default     = "secret/cloudflare"
+}
+
+# =============================================================================
+# CLOUDFLARE CONFIGURATION
+# =============================================================================
+variable "cloudflare_zone" {
+  description = "Domaine principal"
+  type        = string
+  default     = "tips-of-mine.org"
+}
+
+variable "tunnel_name" {
+  description = "Nom du tunnel Cloudflare"
+  type        = string
+  default     = "home-tunnel"
+}
+
+# =============================================================================
+# APPLICATIONS CONFIGURATION
+# =============================================================================
+variable "applications" {
+  description = "Liste des applications à exposer via le tunnel"
+  type = map(object({
+    subdomain          = string
+    origin_url         = string
+    no_tls_verify      = optional(bool, true)
+    access_enabled     = optional(bool, false)
+    access_team_name   = optional(string, "")
+    access_aud_tags    = optional(list(string), [])
+  }))
+  default = {}
+}
+
+# =============================================================================
+# ADVANCED OPTIONS
+# =============================================================================
+variable "tunnel_warp_routing_enabled" {
+  description = "Activer le routage WARP pour le tunnel"
+  type        = bool
+  default     = false
+}
+
+variable "dns_ttl" {
+  description = "TTL pour les enregistrements DNS"
+  type        = number
+  default     = 1
+}
+
+variable "dns_proxied" {
+  description = "Activer le proxy Cloudflare pour les DNS"
+  type        = bool
+  default     = true
+}
\ No newline at end of file