terraform
config_error
ai_generated
true
错误:输出引用敏感值:输出 "db_password" 依赖于敏感属性 "var.db_password"
Error: Output refers to sensitive values: output "db_password" depends on sensitive attribute "var.db_password"
ID: terraform/sensitive-variable-in-output
90%修复率
88%置信度
1证据数
2024-05-12首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Terraform v1.5.0 | active | — | — | — |
| Terraform v1.6.0 | active | — | — | — |
| Terraform v1.7.0 | active | — | — | — |
根因分析
输出值来源于敏感变量或资源属性,但未显式标记为敏感,导致验证错误。
English
An output value is derived from a sensitive variable or resource attribute without being explicitly marked as sensitive, causing a validation error.
官方文档
https://developer.hashicorp.com/terraform/language/values/outputs#sensitive-outputs解决方案
-
Mark the output as sensitive: `output "db_password" { value = var.db_password; sensitive = true }` -
If the value is not truly sensitive, remove the `sensitive = true` from the variable and use `nonsensitive(var.db_password)` in the output.
无效尝试
常见但无效的做法:
-
Remove the sensitive attribute from the variable definition
70% 失败
The data is still sensitive; removing the attribute doesn't make it safe to expose.
-
Use nonsensitive() function in the output value
60% 失败
nonsensitive() only works if the value is not truly sensitive; it may cause a runtime error if the source is sensitive.
-
Comment out the output block entirely
40% 失败
This hides the value but doesn't fix the underlying dependency issue.