Category-CodeStyle
Class-Pattern
Class-Resource
Class-Utility
Language-Terraform
Lifecycle-BAU
Persona-Contributor
Persona-Owner
Severity-MUST
Type-NonFunctional
Validation-TBD

TFNFR23 - Sensitive Default Value Conditions

ID: TFNFR23 - Category: Code Style - Sensitive Default Value Conditions

A default value MUST NOT be set for a sensitive input, unless it is an empty collection value.

Good example:

variable "example_map" {
  type        = map(string)
  default     = {}
  description = "An example map variable with an empty default value."
  sensitive   = true
}

Bad example:

variable "example_string" {
  type        = string
  default     = "sensitive_value"
  description = "An example string variable with a sensitive default value."
  sensitive   = true
}