Terraform: Resource aws_directory_service_directory password plain-text in state

Created on 15 Feb 2017 · 3 Comments · Source: hashicorp/terraform

Hi,

Terraform Version

0.8.5

Affected Resource(s)

  • aws_directory_service_directory

Terraform Configuration Files

resource "aws_directory_service_directory" "test" {
  type = "MicrosoftAD"
  name = "test.test"
  short_name = "TESTAD"
  password = "ohnomypassword"

  vpc_settings {
    vpc_id = "vpc-00000000"
    subnet_ids = ["subnet-00000001", "subnet-00000002"]
  }
}

Expected Behavior

Where passwords are not retrievable I question the need to have them in the state file?
Terraform also prints the password out in the plan.

Actual Behavior

Password is stored plain-text in state.

References

I couldn't find any other reference to this.

bug provider/aws

All 3 comments

Hi @agarstang

Thanks for the issue report here - thanks to @radeksimko, this will now be marked as sensitive in the state as of Terraform 0.9.3 :)

Paul

Just to be clear, the password will remain stored as plain-text in the state, but won't be displayed in plan or apply output anymore. Sensitive data in the state file is more of a generic topic which we plan to address better at some point in the future. See https://www.terraform.io/docs/state/sensitive-data.html for more details
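
Since the value stays in the state file even after it is hidden from plan and apply output, a state file can be audited for it directly. The following is an added example, not part of the original thread or Terraform's own code: a Python check that lists secret-looking attributes in a state file without echoing their values. The key-name pattern and the sample state are constructed assumptions; the sample uses the legacy version 3 layout, and the version 4 layout is handled as well.

```python
import json
import re

# Assumed naming heuristic for secret-bearing attribute keys.
SECRET_KEY = re.compile(r"(password|secret|token|private_key)", re.I)

# Constructed sample in the legacy (version 3) state layout.
SAMPLE_V3 = json.dumps({
    "version": 3,
    "modules": [{"path": ["root"], "resources": {
        "aws_directory_service_directory.test": {
            "type": "aws_directory_service_directory",
            "primary": {"id": "d-0000000000", "attributes": {
                "name": "test.test", "password": "ohnomypassword",
                "vpc_settings.0.vpc_id": "vpc-00000000"}}}}}],
})

def _walk(prefix, value):
    """Yield (dotted_path, leaf); v4 attributes are nested, v3 are already flat."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from _walk(f"{prefix}.{k}" if prefix else k, v)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _walk(f"{prefix}.{i}", v)
    else:
        yield prefix, value

def _resources(state):
    """Yield (address, attributes) for both state layouts."""
    for module in state.get("modules", []):               # version 3
        for addr, res in module.get("resources", {}).items():
            yield addr, res.get("primary", {}).get("attributes") or {}
    for res in state.get("resources", []):                # version 4
        for inst in res.get("instances", []):
            yield f'{res["type"]}.{res["name"]}', inst.get("attributes") or {}

def find_plaintext_secrets(state_json):
    """Return (address, attribute, length); the secret value is never returned."""
    findings = []
    for addr, attrs in _resources(json.loads(state_json)):
        for path, leaf in _walk("", attrs):
            if isinstance(leaf, str) and leaf and SECRET_KEY.search(path):
                findings.append((addr, path, len(leaf)))
    return findings

if __name__ == "__main__":
    for addr, attr, n in find_plaintext_secrets(SAMPLE_V3):
        print(f"{addr}: '{attr}' stored in plaintext ({n} chars)")
```
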

I'm going to lock this issue because it has been closed for _30 days_. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
