Behavior of random_password

simple question really, but one the docs don’t make very clear.

If I wanted to use random_password to generate a password for a service, on next apply would it rotate the password or honor the original one stored in the tf plan?

In other words, would I have to wrap the resulting account created in a “ignore changes” statement to keep it from constantly updating the password every apply?

Hi @Justin-DynamicD,

All of the random provider resources follow a common pattern of generating a random value during their “create” action and then retaining it in the Terraform state so that it can be used for future operation. The value will not change until the resource object is subsequently destroyed for any reason.

You can use the keepers mechanism to give the resources hints about when they will need to replace themselves in order to generate a new random value. If keepers is not set then the value will be retained until you explicitly destroy the resource object.

1 Like


How to rotate a password created by random_password?
If we create a password this way it is not changed during following runs of Terraform code.
How to overcome this issue?

Best Regards,
Łukasz Gołębiewski