We've recently started managing our AWS infrastructure with Terraform and it's been great. The problem with only using Terraform for part of our infrastructure is that it can be difficult to get secrets out of Terraform so we can use them.

Thankfully parsing the state and retrieving the data is pretty straightforward if you have jq installed.

terraform state pull | jq '.resources[] | select(.type == "aws_iam_access_key") | .instances[0].attributes'

That will output something like:

{
  "create_date": "...",
  "encrypted_secret": null,
  "encrypted_ses_smtp_password_v4": null,
  "id": "...",
  "key_fingerprint": null,
  "pgp_key": null,
  "secret": "...",
  "ses_smtp_password_v4": "...",
  "status": "Active",
  "user": "your-user"
}

Thanks, as always to stack overflow for pointing me towards a simple solution.