HiveBrain v1.2.0
Get Started
← Back to all entries
snippetterraformMinor

Terraform: how do you inspect sensitive data?

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
inspectyouhowsensitivedataterraform

Problem

In a resource of type aws_ecs_task_definition my plan has an line that looks like this:

~ container_definitions    = (sensitive) # forces replacement


Now in principle this could be doing anything - deleting all my containers, spinning up bitcoin mining containers, etc.

Is there any way I can look at the data, both the old and the new?

Solution

When your configuration or a provider marks an attribute as sensitive, Terraform will always hide that value in any output that's intended for human consumption.

The real values are available in machine-readable output though. This is primarily with the aim of integrating with external software, but if you need to then you can also inspect the machine-readable output directly yourself.

You can get a machine-readable (JSON) rendering of a plan like this:

terraform plan -out=tfplan
terraform show -json tfplan


If you intend to read it directly in the terminal then it can help to pipe it into jq, if you have that utility installed:

terraform show -json tfplan | jq

Code Snippets

terraform plan -out=tfplan
terraform show -json tfplan
terraform show -json tfplan | jq

Context

StackExchange DevOps Q#13842, answer score: 4

Revisions (0)

No revisions yet.