diff --git a/command/hcl2_upgrade.go b/command/hcl2_upgrade.go
index 2923d91fa..186d3c024 100644
--- a/command/hcl2_upgrade.go
+++ b/command/hcl2_upgrade.go
@@ -436,6 +436,10 @@ func variableTransposeTemplatingCalls(s []byte) (isLocal bool, body []byte) {
 		isLocal = true
 		return ""
 	}
+	funcMap["user"] = func(a ...string) string {
+		isLocal = true
+		return ""
+	}
 
 	tpl, err := texttemplate.New("hcl2_upgrade").
 		Funcs(funcMap).
@@ -896,6 +900,10 @@ type BuildParser struct {
 }
 
 func (p *BuildParser) Parse(tpl *template.Template) error {
+	if len(p.Builders) == 0 {
+		return nil
+	}
+
 	buildContent := hclwrite.NewEmptyFile()
 	buildBody := buildContent.Body()
 	if tpl.Description != "" {
diff --git a/command/hcl2_upgrade_test.go b/command/hcl2_upgrade_test.go
index 9368a5f80..1d8818e4e 100644
--- a/command/hcl2_upgrade_test.go
+++ b/command/hcl2_upgrade_test.go
@@ -26,6 +26,8 @@ func Test_hcl2_upgrade(t *testing.T) {
 		{folder: "source-name", flags: []string{"-with-annotations"}},
 		{folder: "error-cleanup-provisioner", flags: []string{"-with-annotations"}},
 		{folder: "aws-access-config", flags: []string{}},
+		{folder: "variables-only", flags: []string{}},
+		{folder: "variables-with-variables", flags: []string{}},
 	}
 
 	for _, tc := range tc {
diff --git a/command/test-fixtures/hcl2_upgrade/variables-only/expected.pkr.hcl b/command/test-fixtures/hcl2_upgrade/variables-only/expected.pkr.hcl
new file mode 100644
index 000000000..2b612eb57
--- /dev/null
+++ b/command/test-fixtures/hcl2_upgrade/variables-only/expected.pkr.hcl
@@ -0,0 +1,45 @@
+
+variable "aws_access_key" {
+  type      = string
+  default   = ""
+  sensitive = true
+}
+
+variable "aws_region" {
+  type = string
+}
+
+variable "aws_secondary_region" {
+  type    = string
+  default = "${env("AWS_DEFAULT_REGION")}"
+}
+
+variable "aws_secret_key" {
+  type      = string
+  default   = ""
+  sensitive = true
+}
+
+variable "secret_account" {
+  type      = string
+  default   = "🤷"
+  sensitive = true
+}
+
+data "amazon-secretsmanager" "autogenerated_1" {
+  name = "sample/app/password"
+}
+
+data "amazon-secretsmanager" "autogenerated_2" {
+  key  = "api_key"
+  name = "sample/app/passwords"
+}
+
+local "password" {
+  sensitive  = true
+  expression = "${data.amazon-secretsmanager.autogenerated_1.value}"
+}
+
+locals {
+  password_key = "MY_KEY_${data.amazon-secretsmanager.autogenerated_2.value}"
+}
diff --git a/command/test-fixtures/hcl2_upgrade/variables-only/input.json b/command/test-fixtures/hcl2_upgrade/variables-only/input.json
new file mode 100644
index 000000000..27cefb911
--- /dev/null
+++ b/command/test-fixtures/hcl2_upgrade/variables-only/input.json
@@ -0,0 +1,18 @@
+{
+    "variables": {
+        "secret_account": "🤷",
+        "aws_region": null,
+        "aws_secondary_region": "{{ env `AWS_DEFAULT_REGION` }}",
+        "aws_secret_key": "",
+        "aws_access_key": "",
+        "password": "{{ aws_secretsmanager `sample/app/password` }}",
+        "password_key": "MY_KEY_{{ aws_secretsmanager `sample/app/passwords` `api_key` }}"
+    },
+    "sensitive-variables": [
+        "aws_secret_key",
+        "aws_access_key",
+        "secret_account",
+        "potato",
+        "password"
+    ]
+}
\ No newline at end of file
diff --git a/command/test-fixtures/hcl2_upgrade/variables-with-variables/expected.pkr.hcl b/command/test-fixtures/hcl2_upgrade/variables-with-variables/expected.pkr.hcl
new file mode 100644
index 000000000..d3838edde
--- /dev/null
+++ b/command/test-fixtures/hcl2_upgrade/variables-with-variables/expected.pkr.hcl
@@ -0,0 +1,25 @@
+
+variable "aws_access_key" {
+  type      = string
+  default   = ""
+  sensitive = true
+}
+
+variable "aws_region" {
+  type = string
+}
+
+variable "aws_secret_key" {
+  type      = string
+  default   = ""
+  sensitive = true
+}
+
+local "password" {
+  sensitive  = true
+  expression = "${var.aws_secret_key}-${var.aws_access_key}"
+}
+
+locals {
+  aws_secondary_region = "${var.aws_region}"
+}
diff --git a/command/test-fixtures/hcl2_upgrade/variables-with-variables/input.json b/command/test-fixtures/hcl2_upgrade/variables-with-variables/input.json
new file mode 100644
index 000000000..4696945de
--- /dev/null
+++ b/command/test-fixtures/hcl2_upgrade/variables-with-variables/input.json
@@ -0,0 +1,14 @@
+{
+    "variables": {
+        "aws_region": null,
+        "aws_secondary_region": "{{ user `aws_region` }}",
+        "aws_secret_key": "",
+        "aws_access_key": "",
+        "password": "{{ user `aws_secret_key` }}-{{ user `aws_access_key` }}"
+    },
+    "sensitive-variables": [
+        "aws_secret_key",
+        "aws_access_key",
+        "password"
+    ]
+}
\ No newline at end of file
diff --git a/website/content/docs/commands/hcl2_upgrade.mdx b/website/content/docs/commands/hcl2_upgrade.mdx
index d6a5b44e6..247de3da2 100644
--- a/website/content/docs/commands/hcl2_upgrade.mdx
+++ b/website/content/docs/commands/hcl2_upgrade.mdx
@@ -26,31 +26,57 @@ $ packer hcl2_upgrade my-template.json
 Successfully created my-template.json.pkr.hcl
 ```
 
-## User variables using other user variables
-
-Packer JSON recently started allowing using user variables from variables. In
-HCL2, input variables cannot use functions nor other variables and are
-virtually static, local variables must be used instead to craft more dynamic
-variables. For that reason `hcl2_upgrade` cannot decide for you what local
-variables to create and the `hcl2_upgrade` command will simply output all seen
-variables as an input variable, it is now up to you to create a local variable.
+## Upgrading variables file
+
+From **v1.7.1**, the `hcl2_upgrade` command can upgrade a variables file.
+
+<Tabs>
+<Tab heading="Original file (variables.json)">
+
+```json
+{
+    "variables": {
+        "aws_region": null,
+        "aws_secondary_region": "{{ env `AWS_DEFAULT_REGION` }}",
+        "aws_secret_key": "",
+        "aws_access_key": "",
+    },
+    "sensitive-variables": [
+        "aws_secret_key",
+        "aws_access_key",
+    ]
+}
+```
 
-Here is an example of a local variable using a string input variables:
+</Tab>
+<Tab heading="Result file (variables.pkr.hcl)">
 
 ```hcl
-variable "foo" {
-  default = "Hello,"
+variable "aws_access_key" {
+  type      = string
+  default   = ""
+  sensitive = true
 }
 
-variable "bar" {
-  default = "World!"
+variable "aws_region" {
+  type = string
 }
 
-locals {
-  baz = "${var.foo} ${var.bar}"
+variable "aws_secondary_region" {
+  type    = string
+  default = "${env("AWS_DEFAULT_REGION")}"
+}
+
+variable "aws_secret_key" {
+  type      = string
+  default   = ""
+  sensitive = true
 }
 ```
 
+</Tab>
+</Tabs>
+
 ## Go template functions
 
 `hcl2_upgrade` will do its best to transform your go _template calls_ to HCL2,
@@ -79,3 +105,30 @@ working on improving this part of the transformer.
 - `-output-file` - File where to put the hcl2 generated config. Defaults to
   JSON_TEMPLATE.pkr.hcl
 - `-with-annotations` - Adds helper annotations with information about the generated HCL2 blocks.
+
+## User variables using other user variables
+
+Packer JSON recently started allowing using user variables from variables. In
+HCL2, input variables cannot use functions nor other variables and are
+virtually static, local variables must be used instead to craft more dynamic
+variables.
+
+For v1.7.0 and lower, `hcl2_upgrade` doesn't upgrade variables to local variables,
+and it is up to you to upgrade them manually. Upgrade to **v1.7.1** to let the command do it
+automatically for you.
+
+Here is an example of a local variable using a string input variables:
+
+```hcl
+variable "foo" {
+  default = "Hello,"
+}
+
+variable "bar" {
+  default = "World!"
+}
+
+locals {
+  baz = "${var.foo} ${var.bar}"
+}
+```