I have a case where i would like to use http provider to get access token to the system. Basically you supply client id and client password and get token in return. i would like to be able to mark that token as sensitive to give it minimum protection.
Proposal
I propose a bool argument to the provider: response_is_sensitive. It can default to false to maintain backwards compatibility. Butif it is set, I propose two additional output parameters response_body_sensitive and response_body_base64_sensitive that would contain sensitive data. So code would look like this:
#normal nonsensitive flow
data "http" "non_sensitive" {
<nothing changes here or `response_is_sensitive` is set to false>
}
<data is stored in same variables as before>
sensitive flow:
data "http" "sensitive" {
response_is_sensitive = true
<other stuff>
}
<return data is stored in `response_body_sensitive` and `response_body_base64_sensitive` fields not normal fields
How much impact is this issue causing?
Medium
Additional Information
No response
Code of Conduct
[X] I agree to follow this project's Code of Conduct
Terraform CLI and Provider Versions
all TF versions, http provider 3.4.1
Use Cases or Problem Statement
I have a case where i would like to use http provider to get access token to the system. Basically you supply client id and client password and get token in return. i would like to be able to mark that token as sensitive to give it minimum protection.
Proposal
I propose a bool argument to the provider: response_is_sensitive. It can default to false to maintain backwards compatibility. Butif it is set, I propose two additional output parameters
response_body_sensitive
andresponse_body_base64_sensitive
that would contain sensitive data. So code would look like this:sensitive flow:
How much impact is this issue causing?
Medium
Additional Information
No response
Code of Conduct