You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
right now extracting a sensitive value is unnecessarily complicated.
the sensitive values are easily viewable in the state file. a simple terraform state pull will let anyone see them.
terraform state show doesn't provide an option to view them (note terraform show does)
instead of having a nice experience with terraform I'm forced to pull the state file and investigate it manually.
it should be as simple as terraform state show -json my.resource to see the values instead one has to go through a multi-step process to find the value.
Attempted Solutions
vim/jq/etc anything that can view / process the json state file.
Proposal
given that the data is already available; making it stupidly annoying to extract the values is just security through obscurity bullshit and doesn't actually provide any reasonable value to the tool beyond preventing accidental exposure in logs etc.
References
No response
The text was updated successfully, but these errors were encountered:
@crw
Hi,
I suggest the addition of a --ignore-sensitive flag to the Terraform command line interface. This flag would allow users to display sensitive data in output and if --ignore-sensitive outputname is used, it would ignore sensitive information for the specified output. This feature would improve usability and make it easier for users to access sensitive information when necessary.
If you think this is a good solution I can work on it
It's not just terraform state - it's very annoying to have to jump through all sorts of hoops in order to figure out what will change when doing terraform plan.
Terraform Version
Use Cases
right now extracting a sensitive value is unnecessarily complicated.
instead of having a nice experience with terraform I'm forced to pull the state file and investigate it manually.
it should be as simple as
terraform state show -json my.resource
to see the values instead one has to go through a multi-step process to find the value.Attempted Solutions
vim/jq/etc anything that can view / process the json state file.
Proposal
given that the data is already available; making it stupidly annoying to extract the values is just security through obscurity bullshit and doesn't actually provide any reasonable value to the tool beyond preventing accidental exposure in logs etc.
References
No response
The text was updated successfully, but these errors were encountered: