zahiar / terraform-provider-bitbucket

Terraform Provider for Bitbucket Cloud
https://registry.terraform.io/providers/zahiar/bitbucket/latest
Mozilla Public License 2.0

security: bitbucket_pipeline_variable resource with secured=true must not print value in terraform output #147

Closed andrey-yakubovskiy closed 1 year ago

andrey-yakubovskiy commented 1 year ago

Expected Terraform output:

  # module.repo_variable["xxx-frontend.my-password"].bitbucket_pipeline_variable.this will be created
  + resource "bitbucket_pipeline_variable" "this" {
      + id         = (known after apply)
      + key        = "my-password"
      + repository = "my-frontend"
      + secured    = true
      + value      =  <sensitive> <<< value must be masked when secured = true for all terraform outputs
      + workspace  = "mycompany"
    }

Actual Terraform output:

  # module.repo_variable["xxx-frontend.my-password"].bitbucket_pipeline_variable.this will be created
  + resource "bitbucket_pipeline_variable" "this" {
      + id         = (known after apply)
      + key        = "my-password"
      + repository = "my-frontend"
      + secured    = true
      + value      = "mysecret" <<< value is printed as is
      + workspace  = "mycompany"
    }
zahiar commented 1 year ago

Thanks - looks like you can't selectively mark it as a sensitive value (when secured = true) to avoid outputting anything, so will have to mark it as a sensitive value regardless of secured = true/false. Which means the value will not be printed in Terraform plans. Safest option.
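As an added illustration of the conclusion above, not code from this provider or from the Terraform plugin SDK: a small Go model in which `Sensitive` is a static schema flag (the hypothetical `Attr` type stands in for an SDK schema attribute), showing that only marking `value` sensitive unconditionally masks it in the rendered plan, while a schema that leaves it unmarked prints the secret whatever `secured` is set to.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Attr stands in for a Terraform provider schema attribute. Sensitive is a
// static flag, so it cannot depend on another attribute such as secured.
type Attr struct{ Sensitive bool }

// Schema of bitbucket_pipeline_variable before the fix: value unmarked.
var oldSchema = map[string]Attr{
	"key": {}, "repository": {}, "secured": {}, "workspace": {}, "value": {},
}

// Schema after the fix: value is sensitive regardless of secured.
var fixedSchema = map[string]Attr{
	"key": {}, "repository": {}, "secured": {}, "workspace": {},
	"value": {Sensitive: true},
}

// RenderPlan mimics the attribute lines of a terraform plan for one planned
// resource: schema-sensitive attributes are masked, all others printed as set.
func RenderPlan(schema map[string]Attr, cfg map[string]string) string {
	keys := make([]string, 0, len(cfg))
	for k := range cfg {
		keys = append(keys, k)
	}
	sort.Strings(keys) // terraform lists attributes alphabetically
	var b strings.Builder
	for _, k := range keys {
		shown := fmt.Sprintf("%q", cfg[k])
		if schema[k].Sensitive {
			shown = "(sensitive value)" // the mask terraform prints
		}
		fmt.Fprintf(&b, "      + %-10s = %s\n", k, shown)
	}
	return b.String()
}

func main() {
	// Constructed configuration matching the issue's example.
	cfg := map[string]string{"key": "my-password", "repository": "my-frontend",
		"secured": "true", "value": "mysecret", "workspace": "mycompany"}
	fmt.Print("before the fix:\n", RenderPlan(oldSchema, cfg))
	fmt.Print("after the fix:\n", RenderPlan(fixedSchema, cfg))
}
```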