Skip to content

Latest commit

 

History

History
127 lines (95 loc) · 5.08 KB

password.md

File metadata and controls

127 lines (95 loc) · 5.08 KB
Raw
page_title subcategory description
random_password Resource - terraform-provider-random
Identical to random_string string.html with the exception that the result is treated as sensitive and, thus, not displayed in console output. Read more about sensitive data handling in the Terraform documentation https://www.terraform.io/docs/language/state/sensitive-data.html. This resource does use a cryptographic random number generator.

random_password (Resource)

Identical to random_string with the exception that the result is treated as sensitive and, thus, not displayed in console output. Read more about sensitive data handling in the Terraform documentation.

This resource does use a cryptographic random number generator.

Example Usage

resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "aws_db_instance" "example" {
  instance_class    = "db.t3.micro"
  allocated_storage = 64
  engine            = "mysql"
  username          = "someone"
  password          = random_password.password.result
}

Schema

Required

  • length (Number) The length of the string desired. The minimum value for length is 1 and, length must also be >= (min_upper + min_lower + min_numeric + min_special).

Optional

  • keepers (Map of String) Arbitrary map of values that, when changed, will trigger recreation of resource. See the main provider documentation for more information.
  • lower (Boolean) Include lowercase alphabet characters in the result. Default value is true.
  • min_lower (Number) Minimum number of lowercase alphabet characters in the result. Default value is 0.
  • min_numeric (Number) Minimum number of numeric characters in the result. Default value is 0.
  • min_special (Number) Minimum number of special characters in the result. Default value is 0.
  • min_upper (Number) Minimum number of uppercase alphabet characters in the result. Default value is 0.
  • number (Boolean, Deprecated) Include numeric characters in the result. Default value is true. If number, upper, lower, and special are all configured, at least one of them must be set to true. NOTE: This is deprecated, use numeric instead.
  • numeric (Boolean) Include numeric characters in the result. Default value is true. If numeric, upper, lower, and special are all configured, at least one of them must be set to true.
  • override_special (String) Supply your own list of special characters to use for string generation. This overrides the default character list in the special argument. The special argument must still be set to true for any overwritten characters to be used in generation.
  • special (Boolean) Include special characters in the result. These are !@#$%&*()-_=+[]{}<>:?. Default value is true.
  • upper (Boolean) Include uppercase alphabet characters in the result. Default value is true.

Read-Only

  • bcrypt_hash (String, Sensitive) A bcrypt hash of the generated random string. NOTE: If the generated random string is greater than 72 bytes in length, bcrypt_hash will contain a hash of the first 72 bytes.
  • id (String) A static value used internally by Terraform, this should not be referenced in configurations.
  • result (String, Sensitive) The generated random string.

Import

Import is supported using the following syntax:

terraform import random_password.password securepassword

Limitations of Import

Any attribute values that are specified within Terraform config will be ignored during import and all attributes that have defaults defined within the schema will have the default assigned.

For instance, using the following config during import:

resource "random_password" "password" {
  length = 16
  lower  = false
}

Then importing the resource using terraform import random_password.password securepassword, would result in the triggering of a replacement (i.e., destroy-create) during the next terraform apply.

Avoiding Replacement

If the resource were imported using terraform import random_password.password securepassword, replacement could be avoided by using:

  1. Attribute values that match the imported ID and defaults:

    resource "random_password" "password" {
  length = 14
  lower  = true
}

  2. Attribute values that match the imported ID and omit the attributes with defaults:

    resource "random_password" "password" {
  length = 14
}

  3. ignore_changes specifying the attributes to ignore:

    resource "random_password" "password" {
  length = 16
  lower  = false

  lifecycle {
    ignore_changes = [
      length,
      lower,
    ]
  }
}

    NOTE ignore_changes is only required until the resource is recreated after import, after which it will use the configuration values specified.