search

hashicorp / terraform-provider-random

Utility provider that supports the use of randomness within Terraform configurations.
https://registry.terraform.io/providers/hashicorp/random/latest
Mozilla Public License 2.0
203 stars 117 forks source link

Importing a random password using an import block outputs a sensitive value during apply. #564

Open hguermeur opened 6 months ago

hguermeur commented 6 months ago

Terraform CLI and Provider Versions

Terraform v1.7.5 on linux_amd64

Terraform Configuration

import {
  to = random_password.mypassword
  id = "Mysecurepassword3%"
}

resource "random_password" "mypassword" {
  length  = 30
  lower   = true
  special = true
  upper   = true

  lifecycle {
    ignore_changes = [length]
  }
}

Expected Behavior

random_password.mypassword: Importing... [id=none] random_password.mypassword: Import complete [id=none]

Actual Behavior

random_password.mypassword: Importing... [id=Mysecurepassword3%] random_password.mypassword: Import complete [id=Mysecurepassword3%]

Steps to Reproduce

terraform apply

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

Using terraform console :

> random_password.mypassword.id
"none"

Use sensitive does not help:

  id = sensitive("Mysecurepassword3%")

Code of Conduct

matthew-palmer commented 6 months ago

Anything related to the random_password could use better obfuscation - related https://github.com/hashicorp/terraform-provider-random/issues/82