terraform-provider-archive icon indicating copy to clipboard operation
terraform-provider-archive copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Feature Request: sensitive content

Open manfredlift opened this issue 5 years ago • 4 comments

Provide a way to pass sensitive content to archive_file. At the moment there is no other way to mask a variable or flag an input as sensitive than at the provider level (https://github.com/hashicorp/terraform/issues/16643#issuecomment-344377348).

Example use case is a rendered template_file with secrets injected into it that we would like to zip.

Three different ways this could be implemented:

data "archive_file" "foobar" {
  type        = "zip"
  output_path = "${path.module}/foobar.zip"

  source {
    content  = "${local.secret}"
    filename = "bar"
    sensitive = true
  }
}

data "archive_file" "foobar" {
  type        = "zip"
  output_path = "${path.module}/foobar.zip"

  source {
    sensitive_content = "${local.secret}"
    filename          = "bar"
  }
}

data "archive_file" "foobar" {
  type        = "zip"
  output_path = "${path.module}/foobar.zip"

  sensitive_source {
    content  = "${local.secret}"
    filename = "bar"
  }
}

manfredlift avatar May 31 '19 15:05 manfredlift

Any progress on this?

pms1969 avatar Jun 17 '20 09:06 pms1969

We need this to obscure secrets.

AndrewNeudegg avatar Jul 06 '20 10:07 AndrewNeudegg

Nudge

pms1969 avatar Sep 25 '20 11:09 pms1969

We need this to hide some secrets from our tfstate.

R0flcopt3r avatar Feb 27 '24 09:02 R0flcopt3r