DevOps tooling biz HashiCorp has put the finishing touches on version 0.14 of Terraform, to bring the infrastructure as code project one step closer to its hotly anticipated 1.0 release. 

Perhaps the most highlighted feature of the release is Terraform’s newly gained capability to let users mark input variables, variable blocks, and module outputs as sensitive. Elements that have the sensitive=true attribute set won’t be visible in the CLI output, so they aren’t exposed to other tools that work with the console output (logging systems for instance).

An initially more useful addition is the new provider dependency lock file, which is generated when Terraform init is run. The tool notes which version of each provider is used for a specific run, so that the result can be replicated later on. In earlier versions Terraform always opted for the “newest version allowed by the version constraints on each install”, a behaviour which can now be used by running terraform init -upgrade.

Terraform 0.14 is also the first version to read compatible state files written in future versions of Terraform, so that users will be able to share remote state between them until the next major state file version is required. Teams on older versions won’t be able to partake in the fun as those will “continue to refuse to read state written by later versions”.

Commands terraform plan and terraform apply have been fitted with a new experimental concise diff renderer, which is activated by default and hides most unchanged fields so that it’s easier to see changes and concentrate on their context. 

The project’s CLI now comes with the new option -chdir=… for switching to another subdirectory before executing the subcommand following it, and configurations allow alltrue and anytrue for evaluating boolean conditions across all items in a collection. More details on these as well as various core and configuration bug fixes can be found in the project’s changelog.

HashiCorphas used the new Terraform release to gather some feedback on experiments module_variable_optional_attrs and provider_sensitive_attrs. Enabling the former will allow users to mark an attribute as optional and therefore change type conversion behaviour so it won’t throw an error if the attribute isn’t present in an object or map. 

If provider_sensitive_attrs is activated, Terraform’s automatic behaviour is changed to consider attribute sensitivity flags in provider resource schemas when propagating flags. In order to run properly, devs should double check their output values are correctly marked. Otherwise Terraform might return errors if an output value was derived from a sensitive value provider but was not annotated itself to ensure data was not exposed by accident.

Terraform 0.14 is now available to use directly via Terraform Cloud or for download.