Starting from Terraform version 0.14, output values marked as sensitive are obscured. I’ll take the following TF output code block as an example:
output "cloudflare_access_secret" {
  value     = azuread_application_password.cloudflare_access.value
  sensitive = true
}
Now, if I run terraform apply, the result will be:
cloudflare_access_secret = <sensitive>
Let me show you three ways to expose the output value.
Prerequisites
- Terraform
Solution(s)
terraform output command
Run the following command:
terraform output cloudflare_access_secret
The nonsensitive function
The nonsensitive TF function displays the raw value by returning a copy of it without the sensitive flag. Modify the output block as follows:
output "cloudflare_access_secret" {
  value = nonsensitive(azuread_application_password.cloudflare_access.value)
}
Note(s): The function is available from TF version 0.15 and later.
terraform plan & show
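Lastly, a two-command solution. Save the plan to a file, then print it as JSON; the JSON rendering shows sensitive values in plain text.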
terraform plan -out=tfplan
terraform show -json tfplan
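An added example, not part of the original post: a Python check for a CI job that reads the JSON printed by terraform show -json tfplan and reports any sensitive output whose plain-text value also appears in a log. The function names, the sample plan, the sample log and the MIN_LEN threshold are assumptions constructed for illustration.

```python
import json

MIN_LEN = 6  # assumed threshold: very short values match unrelated log text


def sensitive_outputs(plan):
    """Map output name -> plain-text value for outputs flagged sensitive in
    the JSON printed by `terraform show -json <planfile>`."""
    found = {}
    sections = (
        plan.get("prior_state", {}).get("values", {}),  # state before the plan
        plan.get("planned_values", {}),                 # expected state after apply
    )
    for section in sections:
        for name, out in section.get("outputs", {}).items():
            # "value" is missing when it is not known until apply.
            if out.get("sensitive") and out.get("value") is not None:
                value = out["value"]
                found[name] = value if isinstance(value, str) else json.dumps(value)
    return found


def leaked_outputs(plan, log_text):
    """Names of sensitive outputs whose plain-text value appears in log_text."""
    return sorted(
        name for name, value in sensitive_outputs(plan).items()
        if len(value) >= MIN_LEN and value in log_text
    )


# Constructed sample, trimmed to the fields read above; the secret is a placeholder.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {
    "outputs": {
      "cloudflare_access_secret": {"sensitive": true, "value": "EXAMPLE-placeholder-secret"},
      "tenant_name": {"sensitive": false, "value": "example-tenant"},
      "pending_secret": {"sensitive": true}
    }
  }
}
""")

# Constructed CI log: line 1 is what apply prints, line 2 is a leak.
SAMPLE_LOG = (
    "cloudflare_access_secret = <sensitive>\n"
    "debug: secret=EXAMPLE-placeholder-secret tenant=example-tenant\n"
)

if __name__ == "__main__":
    for name in leaked_outputs(SAMPLE_PLAN, SAMPLE_LOG):
        print(f"sensitive output {name!r} appears in the log in plain text")
```

The plan file and its JSON rendering hold the same plain-text values the check reads, so they need the same handling as the secret itself.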
Conclusion
As usual, I strongly advise against exposing any kind of sensitive outputs, especially those that are part of CI/CD pipelines and production environments. Instead, use a secret management solution such as HashiCorp Vault or any cloud-based managed service.