How to hide secrets when using an ARM template

rehaanqureshi · March 24, 2021, 4:59pm

TF version: 0.12.26

I’m trying to pass secrets from Vault to a template file using the templatefile() method, as part of an ARM template deployment. The resulting template, including the secrets are visible in the terraform plan stage. Is there any way to pass secrets into a template without the secrets showing up in the plan stage?

main.tf
resource “azurerm_resource_group_template_deployment” “test” {

client_id                 = data.vault_generic_secret.service_principal_creds.data["client_id"],
client_secret         = data.vault_generic_secret.service_principal_creds.data["client_secret"]

}

tmpl file
“parameters”: {
“clientId”: {
“defaultValue”: “${client_id}”,
“type”: “string”
},

    "clientSecret": {
        "defaultValue": "${client_secret}",
        "type": "string"
    },

Topic		Replies	Views
Preventing secrets from getting stomped when running terraform apply Vault	5	336	November 16, 2022
Vault_generic_secret and variables in json? Terraform	3	4852	September 23, 2021
Terraform Enterprise access to secret in Vault HCP Terraform vault	0	298	December 9, 2022
Terraform Vault Provider Terraform	0	256	May 17, 2021
Unable to get vault secret from namespace Vault	2	2466	December 13, 2021

How to hide secrets when using an ARM template

Related topics