You can use a regular expression to ensure that sensitive outputs are masked from plan outputs and comments by digger.
This can be done at the workflow level as follows:
Copy
Ask AI
workflows: default: plan: filter_regex: "((?i)filterme:\\s\"?)[^\"]*" steps: - init - plan
Currently this is only supported at the plan step. The filter_regex is a regular expression and it will mask any occurence of
that expression in the logs and the comment, replacing it with <REDACTED>. For example the following terraform:
Copy
Ask AI
output "filterme" { value = "example_secret: filterme: topsecret"}