scottwinkler / terraform-provider-shell

Terraform provider for executing shell commands and saving output to state file
Mozilla Public License 2.0

Question: How to force current value (not from state) for DELETE command? #102

Open dsch opened 2 years ago

dsch commented 2 years ago

How can I use the current value in sensitive_environment for the DELETE command? As far as I understand, the environment is stored in the state and the same environment used for CREATE is also used for DELETE. This probably makes sense for most use cases.

My use case: I'm using a shell_script resource to create an API token for a REST API. I first need to authenticate with username/password to create the token. The password is passed as sensitive_environment to the command. The password is stored in a terraform_remote_state.

If the password gets rotated in the remote state, the token can't be deleted anymore since the 'old' password is still used, because it's stored in the state and used for the delete command.

benohara commented 2 years ago

Seeing the same problem.

Use a data source to get the token, pass the token into a shell resource which creates fine... but the delete sends the old token from the state and fails.

benohara commented 2 years ago

Actually, seems to work if... generate the token via the data resource... output that from the module and set it on the sensitive_environment of the provider config... pass the provider into the module and don't pass the token into the resources, let them use the variable from the provider.
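
The workaround from the last comment, applied to the password case in the original question, as an added example that is not code from the thread or from the provider's repository. The remote-state location, the output name `api_password`, the script paths and the `API_USER` value are hypothetical.

```hcl
# Added example. Paths, output names and values below are hypothetical.
terraform {
  required_providers {
    shell = {
      source = "scottwinkler/shell"
    }
  }
}

# Where the rotated password is published (constructed location).
data "terraform_remote_state" "creds" {
  backend = "local"
  config = {
    path = "../creds/terraform.tfstate"
  }
}

# The provider block is evaluated from configuration on every run, so the
# scripts for CREATE and DELETE both receive the password as it is now.
provider "shell" {
  sensitive_environment = {
    API_PASSWORD = data.terraform_remote_state.creds.outputs.api_password
  }
}

resource "shell_script" "api_token" {
  lifecycle_commands {
    # Hypothetical scripts: both read API_USER and API_PASSWORD from the
    # environment; create prints the token metadata as JSON on stdout.
    create = file("${path.module}/scripts/create_token.sh")
    delete = file("${path.module}/scripts/delete_token.sh")
  }

  # Only stable, non-secret inputs go on the resource. Per the thread, a value
  # set here or in a resource-level sensitive_environment is kept in state and
  # the create-time value is what the delete command later receives.
  environment = {
    API_USER = "terraform"
  }
}
```

When the resource lives in a module, the configured provider is passed in through the module's `providers` argument and the module itself takes no password variable.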