hashicorp / terraform-provider-kubernetes

Terraform Kubernetes provider
https://www.terraform.io/docs/providers/kubernetes/
Mozilla Public License 2.0

sensitive function seems to be ignored for kubernetes_manifest #2073

Open papanito opened 1 year ago

papanito commented 1 year ago

Terraform version, Kubernetes provider version and Kubernetes version

Terraform v1.4.5
on windows_amd64
+ provider registry.terraform.io/gavinbunney/kubectl v1.14.0
+ provider registry.terraform.io/hashicorp/helm v2.9.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.19.0
+ provider registry.terraform.io/rancher/rancher2 v2.0.0

Question

I have this kubernetes_manifest object

resource "kubernetes_manifest" "trust-certificates" {
  manifest = {
    "apiVersion" = "v1"
    "kind"       = "Secret"
    "metadata" = {
      "name"      = "certificates"
      "namespace" = var.namespace
    }
    "data" = {
      "ca-certificates.crt" = sensitive(file("${path.module}/certificate.pem"))
    }
  }
}

I marked the data as sensitive because I don't want it to be shown in the plan. However, it still shows up:

tf plan
...
VzWmhTWm5jcUE0U052dEo4d0RuK0liajBLNm1XQlQ4MGFxUTNCaEszZ2o0VGd4Wgp2ckJLWUpWRnBub1kweEZmYTBFaWhJTjBRZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
            }
          + kind       = "Secret"
          + metadata   = {
              + name      = "certificates"
              + namespace = "cert-manager"
            }
        }
    }

Plan: 1 to add, 4 to change, 0 to destroy.

What am I doing wrong? Is this a bug?

spirkaa commented 1 year ago

Same problem. Terraform 1.3.9 redacts output, but not 1.4.x

arybolovlev commented 1 year ago

Hi @papanito,

It is expected behavior to see a sensitive value as plain text under the object. That happens because Terraform doesn't carry the sensitive attribute in the returned tftype object. However, it should be hidden under the manifest.

As @spirkaa has mentioned, starting from 1.4.0 we observe a change in the behavior of displaying sensitive values. They are now visible under the manifest too. That happens only for the kubernetes_manifest resource.

We are going to investigate this.

Thank you.

papanito commented 1 year ago

However, it should be hidden under the manifest.

how so?

alexsomesan commented 1 year ago

This looks like a regression in Terraform itself. Will raise it with the team to get it evaluated.

liamcervante commented 1 year ago

I've ported this over to the Terraform core repository: https://github.com/hashicorp/terraform/issues/33056.

I think this issue could be closed, and we can track from the new issue.

alexsomesan commented 1 year ago

Thanks for porting it over to TF, @liamcervante. I would lean toward keeping this one open until the fix is merged on your side, just to avoid duplicates in case other people run into this and come to report it.

papanito commented 1 year ago

Seems the issue was fixed on the 24th of April, so we can also close my issue, right? @alexsomesan

primeroz commented 11 months ago

I am having this problem with Terraform 1.3.9.

In the manifest section the value is marked as sensitive, but in the object section it is not.

I am using kubernetes_manifest to push an argocd application:

          "values" = yamlencode({
            "test" = {
              "enabled"    = false,
              "fakeSecret" = sensitive("password"),
            }
          })

In the plan:

manifest

+                       values                  = (sensitive value)

object

+                       values                  = <<-EOT
                            "test":
                              "enabled": false
                              "fakeSecret": "password"
                        EOT
+                       valuesObject            = (known after apply)
+                       version                 = (known after apply)
                    }
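Both reports in this thread (a Secret's `data` in @papanito's plan, a yamlencode()'d Helm value in @primeroz's) have the same shape: the `manifest` copy of the value is redacted, the provider-computed `object` copy is not. As an added example, not code from this thread or from the provider, the following script walks a `terraform show -json` plan and reports every leaf that holds a known secret value (raw or base64-encoded, as Secret.data stores it) but is not marked in `after_sensitive`. It assumes the documented JSON plan layout (`resource_changes[].change.after` and `after_sensitive`); the plan excerpt, certificate text and resource addresses embedded below are constructed stand-ins, not real material.

```python
"""Spot secret values that escape `sensitive()` in a Terraform JSON plan.

Usage: terraform show -json plan.tfplan > plan.json && python check_plan.py plan.json
With no argument, the constructed sample plan below is checked instead.
"""
import base64
import json
import sys

# Constructed sample inputs (not real certificate material).
CA_PEM = "-----BEGIN CERTIFICATE-----\nMIIBsampleconstructedcert==\n-----END CERTIFICATE-----\n"
CA_B64 = base64.b64encode(CA_PEM.encode()).decode()  # what Secret.data would hold
VALUES_YAML = '"test":\n  "enabled": false\n  "fakeSecret": "password"\n'  # yamlencode() output

# Constructed `terraform show -json` excerpt mirroring the two reports in the thread:
# `manifest` carries the sensitive mark, the provider-computed `object` copy does not.
SAMPLE_PLAN = {
    "format_version": "1.1",
    "resource_changes": [
        {
            "address": "kubernetes_manifest.trust-certificates",
            "type": "kubernetes_manifest",
            "change": {
                "actions": ["create"],
                "after": {
                    "manifest": {"apiVersion": "v1", "kind": "Secret",
                                 "metadata": {"name": "certificates", "namespace": "cert-manager"},
                                 "data": {"ca-certificates.crt": CA_B64}},
                    "object": {"apiVersion": "v1", "kind": "Secret",
                               "metadata": {"name": "certificates", "namespace": "cert-manager"},
                               "data": {"ca-certificates.crt": CA_B64}},
                },
                "after_sensitive": {"manifest": {"data": {"ca-certificates.crt": True}}, "object": {}},
            },
        },
        {
            "address": "kubernetes_manifest.argocd_app",  # hypothetical address
            "type": "kubernetes_manifest",
            "change": {
                "actions": ["create"],
                "after": {
                    "manifest": {"spec": {"source": {"helm": {"values": VALUES_YAML}}}},
                    "object": {"spec": {"source": {"helm": {"values": VALUES_YAML}}}},
                },
                "after_sensitive": {"manifest": {"spec": {"source": {"helm": {"values": True}}}},
                                    "object": {}},
            },
        },
    ],
}


def _walk(value, sensitive, path=()):
    """Yield (path, leaf, is_sensitive) for every leaf under `value`.

    `sensitive` mirrors the shape of `value`, with `true` where Terraform
    considers the value sensitive; a bare `true` covers the whole subtree.
    """
    if sensitive is True:
        yield path, value, True
        return
    if isinstance(value, dict):
        marks = sensitive if isinstance(sensitive, dict) else {}
        for key, child in value.items():
            yield from _walk(child, marks.get(key, False), path + (key,))
    elif isinstance(value, list):
        marks = sensitive if isinstance(sensitive, list) else []
        for i, child in enumerate(value):
            yield from _walk(child, marks[i] if i < len(marks) else False, path + (str(i),))
    else:
        yield path, value, False


def find_leaks(plan, secrets):
    """Return [(resource address, attribute path)] for every unmarked string leaf
    in the planned `after` state that contains a known secret, raw or base64."""
    needles = set()
    for secret in secrets:
        needles.add(secret)
        needles.add(base64.b64encode(secret.encode()).decode())
    leaks = []
    for change in plan.get("resource_changes", []):
        after = change.get("change", {}).get("after")
        if after is None:  # destroy or no-op: nothing new reaches the plan
            continue
        marks = change["change"].get("after_sensitive", False)
        for path, leaf, is_sensitive in _walk(after, marks):
            if not is_sensitive and isinstance(leaf, str) and any(n in leaf for n in needles):
                leaks.append((change["address"], ".".join(path)))
    return leaks


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, attr in find_leaks(plan, ["password", CA_PEM]):
        print(f"{address}: {attr} exposes a secret without a sensitive mark")
```

Run against a real plan, the list of secrets to look for would come from the same source the configuration reads them from (the file passed to `file()`, the variable passed to `sensitive()`), never from a hard-coded literal in the checker; the sample values above exist only so the script runs offline. Matching on the base64 form is what catches the Secret case, since `data` never contains the PEM text itself.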

benjefferies commented 11 months ago

I am having this problem with Terraform 1.3.9.

In the manifest section the value is marked as sensitive, but in the object section it is not.

I am using kubernetes_manifest to push an argocd application:

          "values" = yamlencode({
            "test" = {
              "enabled"    = false,
              "fakeSecret" = sensitive("password"),
            }
          })

In the plan:

manifest

+                       values                  = (sensitive value)

object

+                       values                  = <<-EOT
                            "test":
                              "enabled": false
                              "fakeSecret": "password"
                        EOT
+                       valuesObject            = (known after apply)
+                       version                 = (known after apply)
                    }

I'm doing the exact same thing to inject some values that are sensitive into the application of an argocd application. Did you find any workaround, @primeroz? I am playing around with ignoring the object section, as I do not need the values for anything.

primeroz commented 11 months ago

No, I did not ... Fortunately for me, we don't really have any real secrets in those manifests anymore, so it is not a big problem ... but as part of due diligence I tested that and noticed the problem.