From 7551d1249630b150c1254d0ce0b20771eed2fff7 Mon Sep 17 00:00:00 2001 From: juraj-s Date: Wed, 1 Oct 2025 11:42:32 +0200 Subject: [PATCH] Update terraform.go The 1Password Terraform shell plugin successfully provides credentials for commands like `terraform apply` and `terraform init`, but it specifically fails to provide them for the `terraform output` command. A key factor is the use of a remote state file in S3, which requires authentication. The issue is not present when credentials are set directly as environment variables. As an example, the `output` subcommand is missing from this list. I suspect this causes the plugin to omit credential injection for the `output` command. As a result, the terraform process fails to receive the credentials in its environment. Instead terraform falls back to the configuration in `provider.tf` file. Since that file doesn't contain explicit credentials, the backend authentication fails. --- plugins/terraform/terraform.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/terraform/terraform.go b/plugins/terraform/terraform.go index 40c613b3..05638229 100644 --- a/plugins/terraform/terraform.go +++ b/plugins/terraform/terraform.go @@ -33,6 +33,8 @@ func TerraformCLI() schema.Executable { needsauth.ForCommand("destroy"), needsauth.ForCommand("import"), needsauth.ForCommand("test"), + needsauth.ForCommand("output"), + needsauth.ForCommand("taint"), ), }, },