random_password (Resource)

Identical to random_string with the exception that the result is treated as sensitive and, thus, _not_ displayed in console output. Read more about sensitive data handling in the Terraform documentation.

This resource does use a cryptographic random number generator.

Example Usage

resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "aws_db_instance" "example" {
  instance_class    = "db.t3.micro"
  allocated_storage = 64
  engine            = "mysql"
  username          = "someone"
  password          = random_password.password.result
}

Schema

Required

Optional

Read-Only

Import

Import is supported using the following syntax:

terraform import random_password.password securepassword

Limitations of Import

Any attribute values that are specified within Terraform config will be ignored during import and all attributes that have defaults defined within the schema will have the default assigned.

For instance, using the following config during import:

resource "random_password" "password" {
  length = 16
  lower  = false
}

Then importing the resource using terraform import random_password.password securepassword, would result in the triggering of a replacement (i.e., destroy-create) during the next terraform apply.

Avoiding Replacement

If the resource were imported using terraform import random_password.password securepassword, replacement could be avoided by using:

  1. Attribute values that match the imported ID and defaults:

    resource "random_password" "password" {
      length = 14
      lower  = true
    }
    
  2. Attribute values that match the imported ID and omit the attributes with defaults:

    resource "random_password" "password" {
      length = 14
    }
    
  3. ignore_changes specifying the attributes to ignore:

    resource "random_password" "password" {
      length = 16
      lower  = false
    
      lifecycle {
        ignore_changes = [
          length,
          lower,
        ]
      }
    }
    

    NOTE ignore_changes is only required until the resource is recreated after import, after which it will use the configuration values specified.