Terraform: Outputs containing non-sensitive transformations of sensitive values should not need to be marked sensitive

Created on 18 Dec 2020 · 2 Comments · Source: hashicorp/terraform

Terraform Version

Terraform v0.14.3

Terraform Configuration Files

variable "secret" {
  type      = string
  sensitive = true
  default   = "mysecret"
}

output "this_is_not_really_sensitive" {
  value = md5(var.secret)
}

Debug Output

Expected Behavior

This should succeed since the md5 hash of the value is not sensitive.

Actual Behavior

Error: Output refers to sensitive values

  on main.tf line 7:
  16: output "this_is_not_really_sensitive" {

Expressions used in outputs can only refer to sensitive values if the
sensitive attribute is true.

Steps to Reproduce

  1. terraform init
  2. terraform plan

Labels: bug, confirmed, v0.14

All 2 comments

Confirmed, thanks for the reproduction case.

And a good point! The same is true for all of the hash-related functions, so we should ideally address them all at the same time.

That brings up a good point @woz5999, though the conclusion I think we need to make is that we need a way for the user to make this determination. Take md5 for example, whose output itself is not cryptographically secure, so some would argue that the result still needs to be marked as sensitive. There are many possible transformations where this decision cannot be decided by defaults, and erring on the side of maintaining sensitivity is safest.

Providing a way for the user to remove the sensitivity when they are certain it is no longer of use will probably be the way to go here.
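As an added example (not from the issue or from Terraform's own code or documentation), the reported configuration with the two ways to resolve the error: declaring the output sensitive, which works on v0.14, and the nonsensitive() function that Terraform 0.15 and later added for exactly the user-declared case the maintainer describes. The second output is an assumption about a later release and will not parse on v0.14; drop it there. The caveat from the thread applies: an unsalted md5 of a short, guessable secret can be recovered by trying candidates, so the unwrapped form is only appropriate when the derived value genuinely reveals nothing.

```hcl
variable "secret" {
  type      = string
  sensitive = true
  default   = "mysecret"
}

# v0.14 behaviour: any expression that reads a sensitive value carries the
# sensitive mark with it, so the output must be declared sensitive or
# "terraform plan" stops with "Output refers to sensitive values".
# Note that sensitive = true only redacts the value in plan/apply output;
# it is still written to the state file in plaintext.
output "secret_fingerprint" {
  value     = md5(var.secret)
  sensitive = true
}

# Terraform >= 0.15 only (not available on the v0.14.3 in the report):
# nonsensitive() strips the mark and puts the decision on the author.
# Use it only when the transformation cannot be reversed; md5 of a
# low-entropy secret does not meet that bar, so this stays an illustration
# of the mechanism, not a recommendation for this particular value.
output "secret_fingerprint_unwrapped" {
  value = nonsensitive(md5(var.secret))
}
```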
