Get private key from terraform state?

I used the terraform resource tls_private_key to generate a key and push that into AWS, but it didn't give me the private key to use to access the related resources. How can I recover that key?

If you need to use a value like this private key for later steps, the common answer is to return it as a root module output value. Since the private key is sensitive, you can mark it as such to prevent Terraform from showing it on the screen by default:

output "private_key" {
  value     = tls_private_key.example.private_key_pem
  sensitive = true
}

When you run terraform apply, Terraform will redact the value because it's sensitive. However, you can still access it from scripts by running terraform output -raw private_key, because the value is still stored in the state and the sensitive option only prevents it from showing in human-oriented output. (The -raw option is intended for use in scripts.)

StackExchange DevOps Q#14493, answer score: 10