Open kinihun opened 5 years ago
@kinihun this is not enough information for us to reproduce. Please attach the sample output plan/apply output (of course obscure your sensitive data). Then we can ensure the use-case is handled. There's no canonical format for the output of terraform secrets. We handle specific patterns of output.
Here's what we currently test for.
Ive tried the tests locally on my machine and it does not work too. using the standard defaults.
I think this only works when values are changing.
With this variable:
export TFMASK_VALUES_REGEX='(?i)^(.*(oauth|secret|token|password|key|result|endpoint).*)$'
This matches (changing values):
endpoint: "aaaaa" => "bbbb"
But this doesn't (new value):
endpoint: "aaaaa"
I think the problem is that only the second option is comtemplated here: https://github.com/cloudposse/tfmask/blob/master/main.go#L41
I'm attempting to add local_file which I use to create a file containing secrets. Attempt to update the tflask using environemtn variable is failing.
typing the values below
export
TFMASK_VALUES_REGEX="(?i)^.(oauth|secret|token|password|key|result|cert|certificate).$" export TFMASK_RESOURCES_REGEX="(?i)^(random_id|local_file).*$"`results in env values as shown below
TFMASK_VALUES_REGEX=(?i)^.*(oauth|secret|token|password|key|result|cert|certificate).*$ TFMASK_RESOURCES_REGEX=(?i)^(random_id|local_file).*$
However I see no effect.