Closed wata727 closed 2 years ago
👋 Hello!
I am also experiencing this issue. From my CI job logs:
$ tflint --version
TFLint version 0.39.3
$ tflint --init
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.16.1)
$ tflint --format=junit . >tflint-junit.xml
Failed to check ruleset; Failed to check `aws_secretsmanager_secret_version_invalid_secret_string` rule: value has marks, so it cannot be serialized
As a workaround, I disabled the aws_secretsmanager_secret_version_invalid_secret_string
rule (based on the user guide's Configuring TFLint: rule
blocks) by adding the following to my .tflint.hcl
configuration file:
rule "aws_secretsmanager_secret_version_invalid_secret_string" {
enabled = false
}
Introduction
Similar to https://github.com/terraform-linters/tflint/issues/1447, An error occurs when a variable marked as sensitive is evaluated.
Expected Behavior
No error occurs.
However, there is room for consideration as to how to handle the value. This error is about serializing the marked
cty.Value
, and unmarking it could allow the plugin to disclose sensitive values. It will be necessary to consider whether it is the responsibility of the plugin to handle sensitive values or safety guard should be provided as TFLint.Actual behavior
Step to Reproduce
main.tf
.tflint.hcl
tflint --init
tflint
Additional Context