-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Temp output for secrets #4437
Comments
Hi @ejoubaud! This is an interesting approach - but probably not one which will achieve anything (in this case) as the outputs are calculated from other things which are stored in the |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Would be great to have the option to not store an
output
in the .tfstate and disable theterraform output
command to retrieve them (or any other way past the first run).I'm thinking about access keys generated with the
aws_iam_access_key
resource for instance. Say you manage your IAM users with Terraform and generate access keys for them. You only want the key to show up once in theterraform apply
output (so you can send it encrypted to the account owner for instance) but you don't want it to be retrievable later from your terraform config or .tfstate, for security. The way it is in the AWS web console basically: show it to me once, but then don't let anyone see it again, including me.It could be a simple
store=false
param on the output directive:See also related #4436
The text was updated successfully, but these errors were encountered: