Mask Elastic Beanstalk environment variable

[marcoacierno]

Hello!

I have an environment variable of an Elastic beanstalk resource

Something like this:

resource "aws_elastic_beanstalk_environment" "pycon_env" {
  name                = "${terraform.workspace}-env"
  application         = "${aws_elastic_beanstalk_application.pycon.name}"
  solution_stack_name = "64bit Amazon Linux 2018.03 v2.12.16 running Docker 18.06.1-ce"
  tier                = "WebServer"


  setting {
    namespace = "aws:elasticbeanstalk:application:environment"
    name      = "AWS_ACCESS_KEY_ID"
    value     = "${aws_iam_access_key.backend.id}"
  }

  setting {
    namespace = "aws:elasticbeanstalk:application:environment"
    name      = "AWS_SECRET_ACCESS_KEY"
    value     = "${aws_iam_access_key.backend.secret}"
  }
}

When I run terraform plan -no-color | tfmask the value of AWS_SECRET_ACCESS_KEY does not get replaced with ***

I was able to hide other stuff like the sentry dsn and more adding new parameters to TFMASK_VALUES_REGEX, I have something like this now:

(?i)^.*[^a-zA-Z](akia|aroa|asia|access|webhook|aws|setting|profile|database|host|username|address|dsn|oauth|oauth2|application|secret|token|password|key|result|id).*$

(side note, I also tried to hide the database host adding database and host to it, but doesn't work)

but I can't figure out how to hide that secret key :( Do you have any suggestion?

Thanks a lot!