• Hide sensitive information from terraform output

    2 min read

    terraform sensitive

    Certain terraform outputs can contain sensitive data. For example, rendered helm values can contain sensitive data that we need to give to helm to be able to install the pods on our kubernetes cluster. Starting with terraform 0.15, we can tell terraform which input and output variables are sensitive so that it hides them from its output.

    For example, to set an output variable as sensitive we just need to add the sensitive attribute and set it to true:

    output "helm_pet2cattle_values" {
      value     = module.pet2cattle.values
      sensitive = true
    }

  • terraform: create an array of resources using for_each

    3 min read

    terraform for_each

    If we need to create multiple resources of the same kind based on a set of objects, we can use the for_each keyword for creating them.


  • terraform: Using dynamic blocks to conditionally set a block on a resource

    2 min read

    terraform dynamic blocks optional

    In the same way we can conditionally include a resource, we can also use for_each to conditionally include a nested block using terraform's dynamic blocks.

    For example, if we want to add a variable that controls whether we should set this value:

    resource "helm_release" "spinnaker" {
      name  = "spinnaker"
      set {
        name = "halyard.additionalScripts.data.enable_mptv2"
        type = "string"
        value = <<-EOF
          cat $0
          echo "custom mptv2"
          $HAL_COMMAND config features edit --managed-pipeline-templates-v2-ui true


  • Terraform dynamic blocks

    3 min read

    terraform dynamic blocks

    When we have a resource that can have multiple nested blocks to be configured we can use dynamic blocks to configure it dynamically. A perfect example is a SecurityGroup that can have multiple ingress and egress rules to be able to allow traffic. Let's use the following aws_security_group resource definition as a starting point:

    resource "aws_security_group" "demo_sg" {
      name        = "demo_sg"
      description = "pet2cattle demo SG with dynamic blocks"
      vpc_id      = aws_vpc.main.id
      ingress {
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        cidr_blocks = [aws_vpc.main.cidr_block]
      }
      egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = [""]
      }
    }


  • Using data sources for retrieving data from not managed resources

    2 min read

    terraform data

    Using data sources in terraform allows us to make use of information not managed by Terraform, or defined by another separate Terraform codebase. We can use them for any resource or even an entire terraform remote state.

    Let's dive in




From pet to cattle
Treat your kubernetes clusters like cattle, not pets