search

cloudposse-archives / tfmask

Terraform utility to mask select output from `terraform plan` and `terraform apply`
https://cloudposse.com/accelerate
Apache License 2.0
202 stars 27 forks source link

Mask values in assignment expressions #17

Closed derhally closed 4 years ago

derhally commented 4 years ago

This change will mask lines that match the pattern of "" = "" which usually shows up in property that are maps.

For example: When passing secrets to the AWS lambda environment variables resource, terraform spits out the plan for the lambda with the environment looking like 

 ~ environment {
          ~ variables = {
              - "Environment"           = "sandbox"
              - "db_host"     = "foo.rds.amazonaws.com"
              - "db_password" = "super_secret"
              - "db_port"     = "5432"
              - "db_username" = "randomuser"
            } -> (known after apply)
        }

The change will mask out the "super_secret" value.

eversC commented 4 years ago

fwiw looks good to me @osterman