I’ve noticed that .tfstate for “azurerm_postgresql_server” contains “administrator_login_password” in plain text. Although we are using encrypted S3 bucket for storing our terraform backend files, we would prefer to avoid keeping any sort of sensitive information in plain text.
Could this password be kept hashed to be able to compare input variable with an existing resource or is it not possible due to some terraform internal restrictions?
I had a look at our .tfstate of AWS provider for RDS and I couldn’t find any references to the passwords there so I guess it must have been solved differently there.
I’m happy to report a bug/feature request in GitHub if something like that is doable