From 8a873b50285051f8c37abdeb046410ad85ed2269 Mon Sep 17 00:00:00 2001
From: "Dr. Jason Breitweg" <jason@breitweg.com>
Date: Tue, 4 Mar 2025 11:27:37 +0100
Subject: [PATCH 1/2] Variables parameter set to no_log=True

---
 plugins/modules/terraform.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/modules/terraform.py b/plugins/modules/terraform.py
index c528a19a..cf159e02 100644
--- a/plugins/modules/terraform.py
+++ b/plugins/modules/terraform.py
@@ -436,7 +436,7 @@ def main() -> None:
             workspace=dict(type="str", default="default"),
             purge_workspace=dict(type="bool", default=False),
             state=dict(default="present", choices=["present", "absent", "planned"]),
-            variables=dict(type="dict"),
+            variables=dict(type="dict", no_log=True),
             complex_vars=dict(type="bool", default=False),
             variables_files=dict(aliases=["variables_file"], type="list", elements="path"),
             plan_file=dict(type="path"),

From 59a5e244ce1dfbb55438ce700c5e4b424acd4716 Mon Sep 17 00:00:00 2001
From: Jason Breitweg <jason@breitweg.com>
Date: Wed, 23 Apr 2025 15:48:32 +0200
Subject: [PATCH 2/2] Added changelog fragment

---
 changelogs/fragments/170-variables-parameter-set-to-no_log.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 changelogs/fragments/170-variables-parameter-set-to-no_log.yml

diff --git a/changelogs/fragments/170-variables-parameter-set-to-no_log.yml b/changelogs/fragments/170-variables-parameter-set-to-no_log.yml
new file mode 100644
index 00000000..5be61e1d
--- /dev/null
+++ b/changelogs/fragments/170-variables-parameter-set-to-no_log.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - Made the `variables` parameter defaults to `no_log=true` to that sensitive information won't be exposed and so that a `no_log=true` on the task level isn't needed.
\ No newline at end of file