Sensitive input variable do not echo

Would it be possible to prevent the echo of the characters (on screen) of “sensitive” variables when I am typing them out?

Terraform version: 1.0.1

The typical use case is when sharing screen with a bunch of folks during demos/explanations.

Typical variables are things like tokens which may have admin privileges.

Marking the variable sensitive prevents output, which is good, but it would be awesome if the characters were not echoed during input.


You could put them in *.auto.tfvars files or env vars so you don’t have to type them at all.

Thanks, this would be fine when I am running things from my personal workstation.
(usually most providers support env variables for their token) :+1:

What I forgot to mention in the OP, is that there is also a common/shared “Terraform Machine” which can be used by multiple people. (so I can’t save it in that machine’s bash profile)

You can source any variable from env vars by naming it correctly (TF_VAR_xxx). See Input Variables - Configuration Language - Terraform by HashiCorp

You don’t have to store env vars in your .bashrc. You can set them directly on the command line via export VAR_NAME="value". Then if you run clear nobody will see it. Note you will be able to find things in history, so a safer option would be read input && export VAR_NAME="$input"

1 Like

This seems most sensible, thanks!!!

read input && export VAR_NAME="$input"

I do hope a noecho or echo option does get implemented for variable.