How to avoid having plaintext master-passwords for RDS when deployed through terraform and How to retrieve password to use it in a server


Staff member
I'm new to stack overflow. Apologize if I didn't format it right.
I'm currently using terraform to provision aurora-rds. Problem is, I shouldn't be having the db master-password as a plaintext sitting in the .tf file.
I've been using this config initially with a plaintext password.

    engine          = "aurora-mysql"
    engine_version  = "5.7.12"
    cluster_family  = "aurora-mysql5.7"
    cluster_size    = "1"
    namespace       = "eg"
    stage           = "dev"
    admin_user      = "admin"
    admin_password  = "passwordhere"
    db_name         = "dbname"
    db_port         = "3306

I'm looking for a solution where I can skip a plaintext password like shown above and have something auto-generated and able to be included into terraform file. Also, I must be able to retrieve the password so that I can use that to configure wordpress server.

<a href="" rel="nofollow noreferrer"></a>
I came across this solution but, not sure how to retrieve the password to use it in server. Well I haven't deployed this yet too.