We’ve released Terraform 0.14!
Check out the announcement blog post here
This release includes the ability to mark input variables as sensitive and have them redacted throughout the Terraform plan (preventing their egress into other systems that might consume the console output). Docs here: https://www.terraform.io/docs/configuration/variables.html#suppressing-values-in-cli-output
We’ve also got some experimental behaviour we’re testing which allows providers to define attributes as sensitive and have them redacted in the same way as input variables. We’d like to make this behaviour part of the default in 0.15. To play with the feature, checkout out the docs here for info on how to enable it: https://www.terraform.io/docs/configuration/expressions/references.html#sensitive-resource-attributes
NB: This will need to be enabled for each module and so won’t be viable for production yet. The reason for making this an experimental feature is that modules which consume sensitive attributes at their outputs will error if those outputs aren’t also marked with
sensitive = true. We’d like to give module authors time to update their modules but also weigh some other options.
We’ve got a new concise diff renderer which we hope will make it much clearer which changes Terraform intends to make to you resources. Finally, there’s a new dependency lock file and
linux_arm64 builds officially supported.
The most exciting feature is one we didn’t ship: an upgrade tool because you don’t need one.
There’s actually a lot more in the release so checkout the changelog for details: https://github.com/hashicorp/terraform/blob/v0.14/CHANGELOG.md