Open marcoacierno opened 3 years ago
Hello!
I have an environment variable of an Elastic beanstalk resource
Something like this:
resource "aws_elastic_beanstalk_environment" "pycon_env" { name = "${terraform.workspace}-env" application = "${aws_elastic_beanstalk_application.pycon.name}" solution_stack_name = "64bit Amazon Linux 2018.03 v2.12.16 running Docker 18.06.1-ce" tier = "WebServer" setting { namespace = "aws:elasticbeanstalk:application:environment" name = "AWS_ACCESS_KEY_ID" value = "${aws_iam_access_key.backend.id}" } setting { namespace = "aws:elasticbeanstalk:application:environment" name = "AWS_SECRET_ACCESS_KEY" value = "${aws_iam_access_key.backend.secret}" } }
When I run terraform plan -no-color | tfmask the value of AWS_SECRET_ACCESS_KEY does not get replaced with ***
terraform plan -no-color | tfmask
AWS_SECRET_ACCESS_KEY
I was able to hide other stuff like the sentry dsn and more adding new parameters to TFMASK_VALUES_REGEX, I have something like this now:
TFMASK_VALUES_REGEX
(?i)^.*[^a-zA-Z](akia|aroa|asia|access|webhook|aws|setting|profile|database|host|username|address|dsn|oauth|oauth2|application|secret|token|password|key|result|id).*$
(side note, I also tried to hide the database host adding database and host to it, but doesn't work)
database
host
but I can't figure out how to hide that secret key :( Do you have any suggestion?
Thanks a lot!
Hello!
I have an environment variable of an Elastic beanstalk resource
Something like this:
When I run
terraform plan -no-color | tfmaskthe value ofAWS_SECRET_ACCESS_KEYdoes not get replaced with ***I was able to hide other stuff like the sentry dsn and more adding new parameters to
TFMASK_VALUES_REGEX, I have something like this now:(side note, I also tried to hide the database host adding
databaseandhostto it, but doesn't work)but I can't figure out how to hide that secret key :( Do you have any suggestion?
Thanks a lot!