Retrieving sensitive data from secret version in terraform

Time:11-14

When showing the state of the secret version, I just get shown this:

 terraform state show aws_secretsmanager_secret_version.mysecret

   secret_string  = (sensitive value)

I now want to see what the actual value is, but I do not know how to do it. I have seen answers like "use terraform output", but when using this:

terraform output aws_secretsmanager_secret_version.mysecret

I get:

The state file either has no outputs defined, or all the defined outputs are empty. 

Can anyone help with this, please?

CodePudding user response:

This is by design and for very good reason. Generally, console output will always mask sensitive data from being displayed. The output command you mentioned is only helpful if you have defined an output block that would display this resource or attribute. However, all is not lost. You can either look directly in the state file, since the state file will hold the value in plain text, or you can use the terraform console command, which is my preference since I prefer, where possible, not to touch the state file.

CDoyle@MINGW64 ~/PycharmProjects/stack
$ terraform state show random_password.this
# random_password.this:            
resource "random_password" "this" {
    bcrypt_hash = (sensitive value)
    id          = "none"           
    length      = 10               
    lower       = true             
    min_lower   = 0                
    min_numeric = 0                
    min_special = 0                
    min_upper   = 0                
    number      = true             
    numeric     = true             
    result      = (sensitive value)
    special     = true             
    upper       = true             
}

CDoyle@MINGW64 ~/PycharmProjects/stack
$ terraform console
> nonsensitive(random_password.this.result)
"I]-q*DCL &"

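The answer's first option, reading the value straight out of the state, shown as an added example (not part of the original answer). It assumes the version 4 JSON state layout; the sample state, its values and the helper name `read_attribute` are constructed for illustration.

```python
import json

# Constructed sample in the Terraform state v4 layout; every value is made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_secretsmanager_secret_version",
         "name": "mysecret",
         "instances": [{"attributes": {"secret_string": "constructed-example-value"}}]},
        {"module": "module.db", "mode": "managed", "type": "random_password",
         "name": "this",
         "instances": [{"index_key": 0, "attributes": {"result": "constructed-pw-0"}}]},
    ],
})


def read_attribute(state_json, address, attribute):
    """Return {instance address: value} for one attribute of one managed resource.

    address looks like 'aws_secretsmanager_secret_version.mysecret' or
    'module.db.random_password.this'. The state stores the attribute unmasked,
    which is why `terraform state show` has to hide it on the console.
    """
    state = json.loads(state_json)
    found = {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # skip data sources
        base = f'{res["type"]}.{res["name"]}'
        if "module" in res:
            base = f'{res["module"]}.{base}'
        if base != address:
            continue
        for inst in res.get("instances", []):
            # count / for_each instances carry an index_key (int or string)
            key = inst.get("index_key")
            suffix = "" if key is None else f"[{json.dumps(key)}]"
            attrs = inst.get("attributes") or {}
            if attribute in attrs:
                found[base + suffix] = attrs[attribute]
    return found


if __name__ == "__main__":
    print(read_attribute(SAMPLE_STATE,
                         "aws_secretsmanager_secret_version.mysecret",
                         "secret_string"))
```

The same function works on the JSON printed by `terraform state pull`. Because the values sit there unmasked, read access to the state backend amounts to read access to every secret Terraform manages.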
