How to hide sensitive variables from a data source in a local-exec provisioner

I am trying to initialize a database using a docker image with a local provider.

resource "null_resource" "db_setup" {

  provisioner "local-exec" {

    command = <<EOT
        docker run \
        -e DB_CONNECTION="mysql" \
        -e DB_HOST=${module.mysql_others.endpoint} \
        -e DB_DATABASE=${data.aws_ssm_parameter.DATABASE.value} \
        -e DB_USERNAME=${data.aws_ssm_parameter.USERNAME.value} \
        -e DB_PASSWORD=${data.aws_ssm_parameter.PASSWORD.value} \
        random_docker_image:latest \
        ./database_seed
    EOT

  }
}

I am getting all of the command in clear text when I terraform apply it. Is there any way of avoiding it?

asked Aug 31 '25 17:08

Angel Abella


1 Answer

You could use the sensitive function with locals to "mark" a variable as sensitive.

locals {
  sensitive_db_password = sensitive(data.aws_ssm_parameter.PASSWORD.value)
}

resource "null_resource" "db_setup" {
  provisioner "local-exec" {
    command = <<EOT
        docker run \
        -e DB_CONNECTION="mysql" \
        -e DB_HOST=${module.mysql_others.endpoint} \
        -e DB_DATABASE=${data.aws_ssm_parameter.DATABASE.value} \
        -e DB_USERNAME=${data.aws_ssm_parameter.USERNAME.value} \
        -e DB_PASSWORD=${local.sensitive_db_password} \
        random_docker_image:latest \
        ./database_seed
    EOT
  }
}

Output will be suppressed.

Documentation: https://www.terraform.io/language/functions/sensitive

answered Sep 03 '25 12:09

Antoine
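
A variant that keeps the secrets out of the command string altogether (an added example, not part of the answer above): the local-exec provisioner's `environment` argument exports the values to the child process, and `docker run -e NAME` with no value copies `NAME` from that environment. It reuses the question's data sources, module output and image name; the local name `db_password` is an assumption.

```hcl
# Added example. Resource, module and image names are taken from the question;
# local.db_password is a name chosen here for illustration.
locals {
  # Mark the SSM value as sensitive so Terraform redacts it in plan/apply output.
  db_password = sensitive(data.aws_ssm_parameter.PASSWORD.value)
}

resource "null_resource" "db_setup" {
  provisioner "local-exec" {
    # These key/value pairs are set in the environment of the spawned shell.
    # Nothing secret is interpolated into the command text below.
    environment = {
      DB_CONNECTION = "mysql"
      DB_HOST       = module.mysql_others.endpoint
      DB_DATABASE   = data.aws_ssm_parameter.DATABASE.value
      DB_USERNAME   = data.aws_ssm_parameter.USERNAME.value
      DB_PASSWORD   = local.db_password
    }

    # "-e NAME" without "=value" tells docker to pass NAME through from its
    # own environment, so the password never appears in the docker argv
    # (and therefore not in the host's process list or shell tracing either).
    command = <<-EOT
      docker run \
        -e DB_CONNECTION \
        -e DB_HOST \
        -e DB_DATABASE \
        -e DB_USERNAME \
        -e DB_PASSWORD \
        random_docker_image:latest \
        ./database_seed
    EOT
  }
}
```

The parameter values read by the data sources are still stored in the Terraform state, so access to the state has to be restricted as well.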