Sensitive attributes such as passwords and API tokens should not be available in your templates, especially in a plaintext form. You can declare variables to hold the secrets, assuming you can provide values for those variables in a secure fashion. Alternatively, you can store these secrets in a secure secret store, such as AWS KMS.
NOTE: It is also recommended to store your Terraform state in an encrypted form.
Block attribute could be leaking secrets
Don’t include sensitive data in blocks
The following example will fail the general-secrets-sensitive-in-attribute check.
The following example will pass the general-secrets-sensitive-in-attribute check.