Failing to output client_secret while creating azuread_application_password through terraform

Question

Hello I am trying to create a azuread_application_password for azuread_application to use it for authentication during backend configuration.

resource "azuread_application_password" "application_password" {
  application_object_id  = azuread_application.app-tf.object_id
  end_date       = timeadd(timestamp(), "720h")
}

output "client_secret" {
  description = "Client Secret"
  value       = azuread_application_password.application_password.value
}

Since I am doing the provisioning through terraform, I need to see the application_password or client_secret after creation so I can use that value.

│ Error: Output refers to sensitive values
│
│   on main.tf line 47:
│   47: output "client_secret" {
│
│ To reduce the risk of accidentally exporting sensitive data that was intended to be only internal, Terraform requires  
│ that any root module output containing sensitive data be explicitly marked as sensitive, to confirm your intent.       
│
│ If you do intend to export this data, annotate the output value as sensitive by adding the following argument:
│     sensitive = true

I understand this might now be safest, but I believe that is only way to create and retrieve client_secret while using terraform, so how can I work around this error and get the value?

Answer 1

Use nonsensitive function to disable masking:

output "client_secret" {
  description = "Client Secret"
  value       = nonsensitive(azuread_application_password.application_password.value)
}