Question 1

How to install tfmask on a Mac?

Accepted Answer

You can compile it from source using `make go/build` as per the README, or check the GitHub releases for pre-built binaries. It's a Go binary, so installation is straightforward with proper Go tools.

Question 2

Can tfmask work with Terraform Cloud or Enterprise?

Accepted Answer

Yes, but you need to pipe the output from Terraform commands run in those environments, which might require custom scripting or CI/CD integration. It masks stdout, so as long as you can capture and pipe it, it will work.

Question 3

How to add custom regex patterns for new secret types?

Accepted Answer

Set the `TFMASK_VALUES_REGEX` environment variable with your custom pattern, as shown in the direnv example. You can define patterns to match additional keywords like 'api_key' or 'password'.

Question 4

tfmask vs using Terraform's sensitive variable feature - which is better?

Accepted Answer

Terraform's sensitive variables mark inputs as sensitive but might still leak in output from providers; tfmask provides an additional layer by masking output values. They are complementary, with tfmask adding post-processing security.

Question 5

How to use tfmask in a CI/CD pipeline like Jenkins?

Accepted Answer

Integrate it by modifying your pipeline script to run Terraform commands with `-no-color` and pipe the output through tfmask. For example: `terraform apply -auto-approve -no-color | tfmask` to secure logs.

Question 6

Does tfmask support Terraform 0.12 and above?

Accepted Answer

Yes, it works with any Terraform version as long as the output format is consistent, but always test with your specific setup since changes in Terraform's output could affect parsing.

Question 7

What happens if tfmask misses a secret?

Accepted Answer

If the regex doesn't match, the secret will be exposed in the output. You need to proactively update the regex patterns or environment variables to cover new cases, which requires ongoing maintenance.

tfmask

What is tfmask?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions