No1 did it for me
The code snippet you provided shows a Terraform output block for the storage_account_primary_access_key, with the sensitive = true parameter, which hides the value in the Terraform output log.
To retrieve the storage_account_primary_access_key after applying the Terraform configuration, follow these steps:
1. Terraform Output Command
Run the following command to fetch the sensitive output value:
terraform output -json
This will display all output values in JSON format, including sensitive ones, though it won’t reveal them in plain text.
Alternatively, for a specific output:
terraform output storage_account_primary_access_key
However, since sensitive = true, the actual value will not display unless you override the behavior (see below).
2. Extracting Sensitive Outputs
To reveal sensitive outputs for your local use:
- Temporarily change
sensitive = truetosensitive = falsein your Terraform configuration file. - Run:
terraform apply - Fetch the value with:
terraform output storage_account_primary_access_keyAfter retrieving the value, restoresensitive = trueto keep it hidden again.
3. Access the Key Directly from Azure CLI
If Terraform manages the Azure resources, you can also retrieve the storage account’s access key directly via the Azure CLI:
az storage account keys list --account-name <STORAGE_ACCOUNT_NAME> --resource-group <RESOURCE_GROUP_NAME> --query "[?keyName=='key1'].value" -o tsv
Replace <STORAGE_ACCOUNT_NAME> and <RESOURCE_GROUP_NAME> with your actual values.
4. Programmatic Use
If you’re referencing the output in another Terraform module or script, you can directly use the azurerm_storage_account.storage.primary_access_key variable in your Terraform configuration or as an environment variable.