Terraform: Sensitive errors if specified in multiple levels of variables

Created on 3 Dec 2020  ·  5 Comments  ·  Source: hashicorp/terraform

Terraform Version

Terraform v0.14.0
+ provider registry.terraform.io/hashicorp/aws v3.19.0
+ provider registry.terraform.io/hashicorp/external v1.2.0
+ provider registry.terraform.io/hashicorp/random v3.0.0

Terraform Configuration Files

main.tf:

variable "secret" {
  type      = string
  sensitive = true
}

module "module" {
  source = "./module"
  secret = var.secret
}

module/main.tf:

variable "secret" {
  type      = string
  sensitive = true
}

resource "local_file" "secret" {
  content         = var.secret
  filename        = "${path.module}/secret.txt"
  file_permission = "0600"
}

Debug Output

https://gist.github.com/douglaswth/daf02c0a31f51b21db3d945bb2ccba39

Expected Behavior

Either terraform plan or terraform apply should show the expected changes.

Actual Behavior

Instead, both commands error with the following message:

Error: .content: value has marks, so it cannot be serialized

Steps to Reproduce

  1. export TF_VAR_secret=secret
  2. terraform init
  3. terraform apply

References

  • #26922
bug confirmed v0.14
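
A pre-upgrade check for the pattern in this report, added here as an example and not code from the issue or from Terraform: it flags root variables marked sensitive that are passed to a local module input that is also marked sensitive. The regex matching assumes flat blocks closed by a brace at column 0 and child variables declared in the module's main.tf; the function names are hypothetical.

```python
import posixpath
import re

# Assumption: flat blocks whose closing brace sits alone at column 0, as in
# the report's files. This is a regex sketch, not a full HCL parser.
VARIABLE = re.compile(r'^variable\s+"([^"]+)"\s*\{\n(.*?)^\}', re.S | re.M)
MODULE = re.compile(r'^module\s+"([^"]+)"\s*\{\n(.*?)^\}', re.S | re.M)
SENSITIVE = re.compile(r'^\s*sensitive\s*=\s*true\s*$', re.M)
SOURCE = re.compile(r'^\s*source\s*=\s*"(\.{1,2}/[^"]*)"', re.M)
PASS_THROUGH = re.compile(r'^\s*(\w+)\s*=\s*var\.(\w+)\s*$', re.M)

# Sample input constructed from the configuration in the report.
FILES = {
    "main.tf": '''variable "secret" {
  type      = string
  sensitive = true
}

module "module" {
  source = "./module"
  secret = var.secret
}
''',
    "module/main.tf": '''variable "secret" {
  type      = string
  sensitive = true
}
''',
}

def sensitive_variables(hcl):
    """Names of variables declared with sensitive = true."""
    return {name for name, body in VARIABLE.findall(hcl) if SENSITIVE.search(body)}

def doubly_sensitive(files, root="main.tf"):
    """List (module, input, root variable) where both levels are sensitive."""
    root_sensitive = sensitive_variables(files[root])
    hits = []
    for module, body in MODULE.findall(files[root]):
        source = SOURCE.search(body)
        if not source:
            continue  # registry or remote module: child files not available here
        child = posixpath.normpath(
            posixpath.join(posixpath.dirname(root), source.group(1), "main.tf"))
        child_sensitive = sensitive_variables(files.get(child, ""))
        for arg, var in PASS_THROUGH.findall(body):
            if var in root_sensitive and arg in child_sensitive:
                hits.append((module, arg, var))
    return hits
```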

All 5 comments

I've reproduced this issue and copied the reproduction case to https://github.com/danieldreier/terraform-issue-reproductions/tree/master/27095. Thanks for reporting this with a clear, simple reproduction case @douglaswth!

@danieldreier Is there a way to create a minor release for this one? Unfortunately there is no way to use Terraform 0.14 with the GKE module due to this bug.

@nick4fake This is going out in the 0.14.1 version, which will be releasing today. And it should only impact users using sensitive on variables, so it should not be blocking any 0.14 migrations. If it somehow is, please share more information and replication in a new issue.

Unfortunately I still see the "value has marks, so it cannot be serialized" issue, so I will probably open a separate ticket.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
