Open papanito opened 1 year ago
Same problem. Terraform 1.3.9 redacts output, but not 1.4.x
Hi @papanito,
This is expected behavior to see a sensitive value as a plain text under the object
. That happens because Terraform doesn't carry the sensitive attribute in the returned tftype
object. However, it should be hidden under the manifest
.
As @spirkaa has mentioned, starting from 1.4.0 we observe a change in the behavior of displaying sensitive values. They are now visible under the manifest
too. That happens only for the kubernetes_manifest
resource.
We are going to investigate this.
Thank you.
However, it should be hidden under the manifest.
how so?
This looks like a regression in Terraform itself. Will raise it with the team to get it evaluated.
I've ported this over to the Terraform core repository: https://github.com/hashicorp/terraform/issues/33056.
I think this issue could be closed, and we can track from the new issue.
Thanks for porting it over to TF, @liamcervante I would lean on keeping this one open until the fix is merged on your side, just to avoid duplicates in case other people run into this and come to report it.
Seems the issue was fixed on 24th of April, so we can also close my issue right? @alexsomesan
i am having this problem on with terraform 1.3.9
in the manifest
section the value is marked as sensitive but in the object
section is not
i am using kubernetes_manifest
to push an argocd application
"values" = yamlencode({
"test" = {
"enabled" = false,
"fakeSecret" = sensitive("password"),
}
})
in plan
manifest
+ values = (sensitive value)
object
+ values = <<-EOT
"test":
"enabled": false
"fakeSecret": "password"
EOT
+ valuesObject = (known after apply)
+ version = (known after apply)
}
i am having this problem on with
terraform 1.3.9
in the
manifest
section the value is marked as sensitive but in theobject
section is noti am using
kubernetes_manifest
to push an argocd application"values" = yamlencode({ "test" = { "enabled" = false, "fakeSecret" = sensitive("password"), } })
in plan
manifest
+ values = (sensitive value)
object
+ values = <<-EOT "test": "enabled": false "fakeSecret": "password" EOT + valuesObject = (known after apply) + version = (known after apply) }
I'm doing the exact same thing to inject some values that are sensitive into the application of an argocd application. Did you find any work around @primeroz. I am playing around with ignoring the object
section as I do not need the values for anything
No i did not ... fortunately for me we don't really have any real secret in those manifests anymore so is not a big problem ... but as part of due diligence i tested that and noticed the problem
Terraform version, Kubernetes provider version and Kubernetes version
Question
I have this
kubernetes_manifest
objectI marked the data as sensitive cause I don't want it to shown in the plan. However it still shows up
What am I doing wrong? is this a bug?