
How to extract sensitive output variables in terraform?

I have a terraform config which creates an AWS IAM user with an access key, and I assign both id and secret to output variables:

...

resource "aws_iam_access_key" "brand_new_user" {
  user = aws_iam_user.brand_new_user.name
}

output "brand_new_user_id" {
  value = aws_iam_access_key.brand_new_user.id
}

output "brand_new_user_secret" {
  value     = aws_iam_access_key.brand_new_user.encrypted_secret
  sensitive = true
}

Here brand_new_user_secret is declared as sensitive, so terraform output obviously does not print it.

Is there any way to get its output value without parsing the whole state file? Trying to access it directly (terraform output brand_new_user_secret) does not work (results in an error "The output variable requested could not be found in the state file...").

Terraform version: 0.12.18

asked Dec 24 '19 21:12

Vladimir


2 Answers

I had some hopes of avoiding it, but so far I have not found a better way than to parse the Terraform state:

terraform state pull | jq '.resources[] | select(.type == "aws_iam_access_key") | .instances[0].attributes'

which would result in a structure similar to:

{
  "encrypted_secret": null,
  "id": "....",
  "key_fingerprint": null,
  "pgp_key": null,
  "secret": "....",
  "ses_smtp_password": "....",
  "ses_smtp_password_v4": null,
  "status": "Active",
  "user": "...."
}

answered Nov 20 '22 19:11

Vladimir
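
An added example, not part of either answer: a Python version of the state-parsing approach above that selects the key by resource name as well as type, and writes the secret to an owner-only file instead of printing it. The sample state is constructed, and the helper names `find_access_key` and `write_private` are hypothetical; the handling of `encrypted_secret` assumes the AWS provider stores only ciphertext there when `pgp_key` is set.

```python
import json
import os

# Constructed sample shaped like `terraform state pull` output (state format v4).
# All values are placeholders, not real credentials.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_iam_user", "name": "brand_new_user",
         "instances": [{"attributes": {"name": "brand-new-user"}}]},
        {"mode": "managed", "type": "aws_iam_access_key", "name": "brand_new_user",
         "instances": [{"attributes": {
             "encrypted_secret": None, "id": "AKIAEXAMPLEPLACEHOLDER",
             "pgp_key": None, "secret": "constructed-secret-value",
             "status": "Active", "user": "brand-new-user"}}]},
    ],
})


def find_access_key(state_json, name):
    """Return (id, field, value) for one aws_iam_access_key resource.

    field is "encrypted_secret" when that attribute is populated (assumed to
    mean the key was created with pgp_key), otherwise "secret" (plaintext).
    """
    for res in json.loads(state_json).get("resources", []):
        if (res.get("mode"), res.get("type"), res.get("name")) != (
                "managed", "aws_iam_access_key", name):
            continue
        attrs = res["instances"][0]["attributes"]
        field = "encrypted_secret" if attrs.get("encrypted_secret") else "secret"
        return attrs["id"], field, attrs[field]
    raise KeyError(f"aws_iam_access_key.{name} not found in state")


def write_private(path, value):
    """Create path with mode 0600 and write value, keeping it off the terminal."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(value)


if __name__ == "__main__":
    key_id, field, value = find_access_key(SAMPLE_STATE, "brand_new_user")
    write_private("access_key_secret", value)
    print(f"{key_id}: wrote {field} to access_key_secret")
```

For real use, the output of `terraform state pull` would take the place of `SAMPLE_STATE`.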


To see the sensitive value interactively, i.e. for the purposes of analyzing/debugging the state, you can use Terraform's console command and the nonsensitive() function:

$ terraform console

> nonsensitive(aws_iam_access_key.brand_new_user.encrypted_secret)

You may need to use other functions to decode/manipulate the value before printing it.

answered Nov 20 '22 20:11

Yuri Astrakhan