-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manual sensitivity override for resource attributes #29331
Comments
Hi @FWest98, An Do either of these existing methods work for your use case? |
I know about these, but in my case a provider resource provides an output that is not marked sensitive, that I want to mark sensitive by hand. At the moment, when this provider output changes, it will show the result in my console while I would want it to show |
Thanks @FWest98, I see what you mean now. No, you cannot change the sensitivity of a resource attribute, as that is part of its schema, which is outside the control of Terraform. This means that changes to the attribute's value will be displayed in the UI, even though those attributes are fed into other values marked as sensitive. |
Exactly, I missed the "resource attribute" terminology but that is exactly my feature request. I think there are more use cases for this; such as the |
Current Terraform Version
Use-cases
A provider output could sometimes be sensitive, but sometimes not. For example: configuration transpilers that convert human-readable formats to machine-readable formats such as the Container Linux transpiler (https://github.com/poseidon/terraform-provider-ct). Usually, the configuration is not sensitive, but sometimes, the configuration is sensitive.
Currently, I am able to mark the input as sensitive, to prevent the data from showing in the console output. However, the output is not marked sensitive by the provider developer (since usually this is non-sensitive indeed), and thus the output does show in my console.
I would like to be able to mark the output as sensitive as well, some kind of manual override of some sort.
Attempted Solutions
I don't know of a way to mark the provider output as sensitive without changing the provider code.
Proposal
I don't know the best way to achieve this. Some first thoughts:
isOutputSensitive
to manually change the sensitivity of the respective output.output { some_field { sensitive = true } }
, but that might be too complicatedReferences
Not that I know of
The text was updated successfully, but these errors were encountered: