cloudposse-archives / tfmask

Terraform utility to mask select output from `terraform plan` and `terraform apply`
https://cloudposse.com/accelerate
Apache License 2.0
202 stars 27 forks

Environment variable not working #7

Open kinihun opened 5 years ago

kinihun commented 5 years ago

I'm attempting to add local_file, which I use to create a file containing secrets. My attempt to update tfmask using environment variables is failing.

Typing the values below

```
export TFMASK_VALUES_REGEX="(?i)^.*(oauth|secret|token|password|key|result|cert|certificate).*$"
export TFMASK_RESOURCES_REGEX="(?i)^(random_id|local_file).*$"
```

results in env values as shown below

```
TFMASK_VALUES_REGEX=(?i)^.*(oauth|secret|token|password|key|result|cert|certificate).*$
TFMASK_RESOURCES_REGEX=(?i)^(random_id|local_file).*$
```

However I see no effect.

osterman commented 4 years ago

@kinihun this is not enough information for us to reproduce. Please attach the sample output plan/apply output (of course obscure your sensitive data). Then we can ensure the use-case is handled. There's no canonical format for the output of terraform secrets. We handle specific patterns of output.

Here's what we currently test for.

https://github.com/cloudposse/tfmask/tree/master/tests

vigffx commented 4 years ago

I've tried the tests locally on my machine and it does not work either, using the standard defaults.

GMartinez-Sisti commented 4 years ago

I think this only works when values are changing.

With this variable: `export TFMASK_VALUES_REGEX='(?i)^(.*(oauth|secret|token|password|key|result|endpoint).*)$'`

This matches (changing values): `endpoint: "aaaaa" => "bbbb"`

But this doesn't (new value): `endpoint: "aaaaa"`

I think the problem is that only the second option is contemplated here: https://github.com/cloudposse/tfmask/blob/master/main.go#L41
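Added example, not part of the thread and not tfmask's own code: a minimal masker that reproduces the gap described in the last comment, where a line pattern that expects `"old" => "new"` leaves a newly created value in clear text. The two line patterns, the `maskLine` helper and the fixed-width mask are assumptions made for illustration, as is applying the values regex to the attribute name; the sample lines are the two cases quoted above plus one constructed non-secret line.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Attribute-name filter quoted in the thread (TFMASK_VALUES_REGEX).
var valuesRe = regexp.MustCompile(`(?i)^(.*(oauth|secret|token|password|key|result|endpoint).*)$`)

// Hypothetical line patterns written for this example, not tfmask's own.
// changeOnly recognises only `name: "old" => "new"`.
var changeOnly = regexp.MustCompile(`^(\s*)([\w.-]+):(\s*)"([^"]*)" => "([^"]*)"$`)

// newOrChange also recognises `name: "value"` with no arrow.
var newOrChange = regexp.MustCompile(`^(\s*)([\w.-]+):(\s*)"([^"]*)"(?: => "([^"]*)")?$`)

// Fixed-width mask so the output does not reveal the secret's length.
const masked = `"********"`

// maskLine masks the quoted value(s) when lineRe matches the line and the
// attribute name matches valuesRe; any other line is returned unchanged.
func maskLine(lineRe *regexp.Regexp, line string) string {
	m := lineRe.FindStringSubmatch(line)
	if m == nil || !valuesRe.MatchString(m[2]) {
		return line
	}
	out := m[1] + m[2] + ":" + m[3] + masked
	if strings.Contains(m[0], `" => "`) { // old and new value both present
		out += " => " + masked
	}
	return out
}

func main() {
	// Constructed sample lines, taken from the two cases in the thread.
	for _, line := range []string{`endpoint: "aaaaa" => "bbbb"`, `endpoint: "aaaaa"`, `name: "web"`} {
		fmt.Printf("changeOnly:  %s\nnewOrChange: %s\n", maskLine(changeOnly, line), maskLine(newOrChange, line))
	}
}
```

Running both forms of a sensitive attribute through the masker in a test, as done here, is a quick way to confirm that created resources are covered as well as changed ones.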