ephemeral resource: add google_secret_manager_secret_version support

[rd-michel]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

We would like to use the new feature "ephemeral resources" to hide sensitive data/secrets in the terraform state

New or Affected Resource(s)

• google_secret_manager_secret_version

Potential Terraform Configuration

ephemeral "google_secret_manager_secret_version" "smtp-monitoring-password" {
  project = "gcp-test-project"
  secret  = "smtp-monitoring-password"
}

resource "kubernetes_secret" "smtp-monitoring" {
  metadata {
    name      = "smtp-monitoring"
    namespace = "monitoring"
  }

  data = {
    host     = "smtp.gmail.com"
    port     = 587
    username = "monitoring@testdomain.com"
    password = ephemeral.google_secret_manager_secret_version.smtp-monitoring-password.secret_data
  }
}

References

https://www.hashicorp.com/blog/terraform-1-10-improves-handling-secrets-in-state-with-ephemeral-values https://developer.hashicorp.com/terraform/language/resources/ephemeral

[rileykarson]

Note: exempt from forwarding until we define the self-service contribution process