[Bug]: Fields marked as sensitive unnecessarily?

[throwaway58383958484]

Is there an existing issue for this?

• [X] I have searched the existing issues

Provider Version

v1.17.3

Terraform Version

v1.9.1

Terraform Edition

Terraform Open Source (OSS)

Current Behavior

On the mongodbatlas_x509_authentication_database_user resource, the fields current_certificate and customer_x509_cas are marked as sensitive (code). From my understanding, these values are not actually sensitive/secret. Is there context here that I'm missing?

We have internal tooling that blocks committing secrets to Terraform state, and we currently make an exception for this resource, but if it's true that these don't need to be sensitive, and they were no longer marked as such, then we could remove the exception.

Terraform configuration to reproduce the issue

resource "mongodbatlas_x509_authentication_database_user" "user" {
  project_id = "..."
  customer_x509_cas = "..."
}

Steps To Reproduce

Run a plan: the customer_x509_cas attribute is considered sensitive and is redacted in the plan.

Logs

No response

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[github-actions[bot]]

Thanks for opening this issue! Please make sure you've followed our guidelines when opening the issue. In short, to help us reproduce the issue we need:

• Terraform configuration file used to reproduce the issue
• Terraform log files from the run where the issue occurred
• Terraform Atlas provider version used to reproduce the issue
• Terraform version used to reproduce the issue
• Confirmation if Terraform OSS, Terraform Cloud, or Terraform Enterprise deployment

The ticket CLOUDP-260892 was created for internal tracking.

[AgustinBettati]

Hello @throwaway58383958484.

Some details regarding both attributes:

• current_certificate: As mentioned in the terraform docs and API docs, this attribute stores a PEM file that contains the user's X.509 certificate and private key. Given the presence of the private key marking the attribute as sensitive would be accurate.
• customer_x509_cas: For this case I will have to double check with the team and underlying API to verify if we can consider as non-sensitive.

Will let you know once we have updates.

[github-actions[bot]]

This issue has gone 7 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 7 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!