How can I keep sensitive values out of Terraform state?
Terraform can write resource arguments into state and saved plans. HashiCorp's
Terraform state documentation warns that
state files can expose stored secrets. The sensitive flag redacts CLI and UI output, but Terraform can
still record the value in state.
With the atlas_schema resource, Terraform can pass connection metadata while Atlas resolves the
credential when it evaluates atlas.hcl.