# 错误：输出引用敏感值：输出 "db_password" 依赖于敏感属性 "var.db_password"

- **ID:** `terraform/sensitive-variable-in-output`
- **领域:** terraform
- **类别:** config_error
- **验证级别:** ai_generated
- **修复率:** 90%

## 根因

输出值来源于敏感变量或资源属性，但未显式标记为敏感，导致验证错误。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Terraform v1.5.0 | active | — | — |
| Terraform v1.6.0 | active | — | — |
| Terraform v1.7.0 | active | — | — |

## 解决方案

1. ```
   Mark the output as sensitive: `output "db_password" { value = var.db_password; sensitive = true }`
   ```
2. ```
   If the value is not truly sensitive, remove the `sensitive = true` from the variable and use `nonsensitive(var.db_password)` in the output.
   ```

## 无效尝试

- **Remove the sensitive attribute from the variable definition** — The data is still sensitive; removing the attribute doesn't make it safe to expose. (70% 失败率)
- **Use nonsensitive() function in the output value** — nonsensitive() only works if the value is not truly sensitive; it may cause a runtime error if the source is sensitive. (60% 失败率)
- **Comment out the output block entirely** — This hides the value but doesn't fix the underlying dependency issue. (40% 失败率)