betr-io / terraform-provider-mssql

Terraform provider for Microsoft SQL Server
https://registry.terraform.io/providers/betr-io/mssql/latest
MIT License

Password for DB user not treated as sensitive #37

Closed ex1570almbrand closed 2 years ago

ex1570almbrand commented 2 years ago

Hi

I have recently discovered that creating a custom user in the following way:

resource "mssql_user" "database_access" {
  server {
    host = data.azurerm_mssql_server.mssql_server.fully_qualified_domain_name

    azure_login {
      tenant_id     = var.tenant_id
      client_id     = var.db_client_id
      client_secret = var.db_client_secret
    }
  }

  database       = module.caf_mssql_database.name
  username       = "username"
  password       = "PASSWORD"
  roles          = ["db_owner"]
  default_schema = "dbo"
}

works fine, but the password is not treated as a sensitive field by the provider and the plan shows the raw password when outputted in the terminal or pipeline.

This "feature" makes it almost impossible to use the provider in a setup where you want to generate a password and store it in a vault (e.g. key vault) to ensure that it is kept secret.

I hope you could change this soon in a forthcoming version. I could also provide you with a PR if that would speed things up.

Kind Regards Jakub
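A CI check for the behaviour reported in this issue, as an added example that is not part of the original issue or the provider's code: it reads plan JSON in the shape produced by `terraform show -json` and reports secret-named attributes that are not marked in `after_sensitive`. The attribute name list, the `example_vault_secret` resource type and the sample plan are constructed assumptions.

```python
import json

# Attribute names treated as secrets (an assumption; extend for your providers).
SECRET_KEYS = {"password", "client_secret"}

def _walk(value, marks, path=""):
    """Yield (path, is_sensitive) for each secret-named string under value.

    marks mirrors value's shape: true at a node means it (and everything
    below it) is sensitive; missing or false means it is not.
    """
    if isinstance(value, dict):
        for key, child in value.items():
            child_marks = marks.get(key, False) if isinstance(marks, dict) else marks
            child_path = f"{path}.{key}" if path else key
            if key in SECRET_KEYS and isinstance(child, str):
                yield child_path, child_marks is True
            else:
                yield from _walk(child, child_marks, child_path)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            in_range = isinstance(marks, list) and i < len(marks)
            yield from _walk(child, marks[i] if in_range else marks, f"{path}[{i}]")

def unredacted_secrets(plan):
    """Return addresses of secret attributes a plan would print in clear text."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after") or {}
        marks = change.get("after_sensitive") or {}
        findings += [f"{rc['address']}.{p}" for p, ok in _walk(after, marks) if not ok]
    return sorted(findings)

# Constructed sample in the shape of `terraform show -json` output.
# example_vault_secret is a hypothetical resource type, not a real provider's.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "mssql_user.database_access",
   "change": {"after": {"username": "username", "password": "PASSWORD"},
              "after_sensitive": {}}},
  {"address": "example_vault_secret.db",
   "change": {"after": {"password": "CONSTRUCTED",
                        "login": [{"client_secret": "CONSTRUCTED"}]},
              "after_sensitive": {"password": true,
                                  "login": [{"client_secret": true}]}}}
]}
""")

if __name__ == "__main__":
    for finding in unredacted_secrets(SAMPLE_PLAN):
        print("not marked sensitive:", finding)
```

Run it against the JSON rendering of a saved plan file and fail the pipeline step when the returned list is not empty.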