Open jjayabal23 opened 1 month ago
Terraform version: 1.6.6 Provider version: 2.13.2 Kubernetes version: 1.28.9
resource "helm_release" "argocd" { name = "argocd" repository = "https://argoproj.github.io/argo-helm" chart = "argo-cd" namespace = kubernetes_namespace.argocd.metadata.0.name version = "5.52.1" set_sensitive { name = "configs.secret.extra.accounts\\.serviceaccount\\.password" value = bcrypt(var.password) } }
NOTE: In addition to Terraform debugging, please set HELM_DEBUG=1 to enable debugging info from helm.
terraform apply
The metadata displayed in terraform plan should have redacted the sensitive value and displayed "(sensitive value)"
configs = { secret = { extra = { "accounts.serviceaccount.password" = "(sensitive value)" } } }
The metadata displays the sensitive value in clear text
configs = { secret = { extra = { "accounts.serviceaccount.password" = "clear-text-password" } } }
The issue does not appear when there is no backslash in the key name.
Terraform, Provider, Kubernetes and Helm Versions
Affected Resource(s)
Terraform Configuration Files
Debug Output
NOTE: In addition to Terraform debugging, please set HELM_DEBUG=1 to enable debugging info from helm.
Panic Output
Steps to Reproduce
terraform applyExpected Behavior
The metadata displayed in terraform plan should have redacted the sensitive value and displayed "(sensitive value)"
Actual Behavior
The metadata displays the sensitive value in clear text
Important Factoids
The issue does not appear when there is no backslash in the key name.
References
Community Note