Open alexhung opened 4 months ago
Hi @alexhung 👋 Thank you for raising this.
Setting an attribute Sensitive
flag should signal to Terraform across the plugin protocol that it should treat any values of that attribute as sensitive data and not directly display them in output. The configuration context shown in warning and error diagnostics is handled by Terraform and if Terraform is not honoring the attribute sensitive behavior, this issue should be raised in the Terraform issue tracker instead as there is nothing else that the provider side of the protocol can do to change or further influence this display of the value in that context.
As a temporary workaround, you should be able to remove the attribute path information from the diagnostic (e.g. use (diag.Diagnostics).AddWarning()
instead) to prevent the direct display of the value. The configuration context shown by Terraform should then only show the configuration line of the resource block instead.
@bflad Thanks for the comment! I'll switch to using AddWarning()
for now.
Should I open the issue in https://github.com/hashicorp/terraform or would you do that internally?
The warning message for an attribute that has been marked as "Sensitive" shows the value in the console.
I suspect similar misbehavior for error message?
Module version
Relevant provider source code
Terraform Configuration Files
N/A
Debug Output
Expected Behavior
The value of the sensitive attribute should either be redacted or hidden completely.
Actual Behavior
The value is output verbatim to the console.
Steps to Reproduce
N/A
References
Issue from practitioner: https://github.com/jfrog/terraform-provider-artifactory/issues/977
Source code: https://github.com/jfrog/terraform-provider-artifactory/blob/master/pkg/artifactory/resource/security/resource_artifactory_keypair.go#L114 and https://github.com/jfrog/terraform-provider-artifactory/blob/master/pkg/artifactory/resource/security/resource_artifactory_keypair.go#L284