如何在 terraform 中提取敏感的输出变量? [英] How to extract sensitive output variables in terraform?
问题描述
我有一个 terraform 配置,它使用访问密钥创建一个 AWS IAM 用户,并将 id 和 secret 分配给输出变量:
I have a terraform config which creates an AWS IAM user with an access key, and I assign both id and secret to output variables:
...
resource "aws_iam_access_key" "brand_new_user" {
user = aws_iam_user.brand_new_user.name
}
output "brand_new_user_id" {
value = aws_iam_access_key.brand_new_user.id
}
output "brand_new_user_secret" {
value = aws_iam_access_key.brand_new_user.encrypted_secret
sensitive = true
}
这里 brand_new_user_secret
被声明为敏感的,所以 terraform output
显然不会打印它.
Here brand_new_user_secret
is declared as sensitive, so terraform output
obviously does not print it.
有没有办法在不解析整个状态文件的情况下获得它的输出值?尝试直接访问它(terraform output brand_new_user_secret
)不起作用(导致错误在状态文件中找不到请求的输出变量...").
Is there any way to get its output value without parsing the whole state file?
Trying to access it directly (terraform output brand_new_user_secret
) does not work (results in an error "The output variable requested could not be found in the state file...").
Terraform 版本:0.12.18
Terraform version: 0.12.18
推荐答案
我有一些希望避免它,但到目前为止我没有找到比解析 terraform state 更好的方法:
I had some hopes to avoid it, but so far I did not find a better way than parse terraform state:
terraform state pull | jq '.resources[] | select(.type == "aws_iam_access_key") | .instances[0].attributes'
这将导致类似于以下的结构:
which would result in a structure similar to:
{
"encrypted_secret": null,
"id": "....",
"key_fingerprint": null,
"pgp_key": null,
"secret": "....",
"ses_smtp_password": "....",
"ses_smtp_password_v4": null,
"status": "Active",
"user": "...."
}
这篇关于如何在 terraform 中提取敏感的输出变量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!