Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unwanted changes in sensitive value when running terraform plan #35675

Closed
PatriQ1414 opened this issue Sep 5, 2024 · 3 comments
Closed

Unwanted changes in sensitive value when running terraform plan #35675

PatriQ1414 opened this issue Sep 5, 2024 · 3 comments
Labels
bug new new issue not yet triaged waiting for reproduction unable to reproduce issue without further information waiting-response An issue/pull request is waiting for a response from the community

Comments

@PatriQ1414
Copy link

Terraform Version

Terraform v1.2.7

Terraform Configuration Files

...terraform config...

Debug Output

NA

Expected Behavior

No changes

Actual Behavior

local_file.ssh_key will be updated in-place

~ resource "local_file" "ssh_key" {
id = "e18093413cXXXXXXXXXXXXXXXXXXXXXX"
# (10 unchanged attributes hidden)
}

tls_private_key.pk will be updated in-place

~ resource "tls_private_key" "pk" {
id = "97f281183dce4cf6d9425bXXXXXXXXXXXXXXX"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ private_key_openssh = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ private_key_pem = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ private_key_pem_pkcs8 = (sensitive value)
# (7 unchanged attributes hidden)
}

module.compute.aws_iam_access_key.data_mig will be updated in-place

~ resource "aws_iam_access_key" "data_mig" {
id = "AKXXXXXXXXXXXXXXXXXXX"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ secret = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ ses_smtp_password_v4 = (sensitive value)
# (3 unchanged attributes hidden)
}

module.compute.aws_secretsmanager_secret_version.data_mig_pass will be updated in-place

~ resource "aws_secretsmanager_secret_version" "data_mig_pass" {
id = "arn:aws:secretsmanager:eu-west-1:1112223334444secret:User-XXXXXXX-XXXXXX-XXXXX1"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ secret_binary = (sensitive value)
# (5 unchanged attributes hidden)
}

module.compute.aws_secretsmanager_secret_version.db_main_password["0"] will be updated in-place

~ resource "aws_secretsmanager_secret_version" "db_main_password" {
id = "arn:aws:secretsmanager:eu-west-1:1112223334444:secret:Password-XXXX-XXXXX-XXXXXX"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ secret_binary = (sensitive value)
# (5 unchanged attributes hidden)
}

module.compute.aws_sns_topic_subscription.user will be created

  • resource "aws_sns_topic_subscription" "user" {
    • arn = (known after apply)
    • confirmation_timeout_in_minutes = 1
    • confirmation_was_authenticated = (known after apply)
    • endpoint = "user@email.com"
    • endpoint_auto_confirms = false
    • filter_policy_scope = (known after apply)
    • id = (known after apply)
    • owner_id = (known after apply)
    • pending_confirmation = (known after apply)
    • protocol = "email"
    • raw_message_delivery = false
    • topic_arn = "arn:aws:sns:eu-west-1:11112222233334444:XXXXXXXXXXXXXX
      }

module.compute.random_password.db_main_password["0"] will be updated in-place

~ resource "random_password" "db_main_password" {
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ bcrypt_hash = (sensitive value)
id = "none"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ result = (sensitive value)
# (10 unchanged attributes hidden)
}

module.loadbalancer.aws_acm_certificate.public["0"] will be updated in-place

~ resource "aws_acm_certificate" "public" {
- certificate_authority_arn = "" -> null
- early_renewal_duration = "" -> null
id = "arn:aws:acm:eu-west-1:111222333344444:certificate/XXXXXXXXX-XXXXXXXXX"
# (15 unchanged attributes hidden)

    # (1 unchanged block hidden)
}

module.network.aws_iam_access_key.users will be updated in-place

~ resource "aws_iam_access_key" "users" {
id = "AKXXXXXXXXXXXXXXXXXXXXX"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ secret = (sensitive value)
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ ses_smtp_password_v4 = (sensitive value)
# (3 unchanged attributes hidden)
}

module.network.aws_secretsmanager_secret_version.user will be updated in-place

~ resource "aws_secretsmanager_secret_version" "user" {
id = "arn:aws:secretsmanager:eu-west-1:1112223333444444:secret:user-XXXXXXXXXXXXXXXXXXXXXX"
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
~ secret_binary = (sensitive value)
# (5 unchanged attributes hidden)
}

module.network.dome9_cloudaccount_aws.main[0] will be updated in-place

~ resource "dome9_cloudaccount_aws" "main" {
id = "6cb67097-af94-4642-ac25-b5bb40442e7a"
name = "UK-SITS-UAL-Prod"
# (8 unchanged attributes hidden)

  ~ credentials {
      - api_key      = "" -> null
      - iam_user     = "" -> null
      # Warning: this attribute value will no longer be marked as sensitive
      # after applying this change. The value is unchanged.
      ~ secret       = (sensitive value)
        # (3 unchanged attributes hidden)
    }

    # (1 unchanged block hidden)
}

Steps to Reproduce

terraform init
terraform plan
terraform apply

Additional Context

This only comes up as a warning and doesn't actually change anything

References

No
@PatriQ1414 PatriQ1414 added bug new new issue not yet triaged labels Sep 5, 2024
@jbardin
Copy link
Member

jbardin commented Sep 5, 2024

Hi @PatriQ1414,

The version of Terraform you are using is quite old, and there have been many bugs fixed and improvements made since then.

If you can replicate the issue with a current Terraform release, please create a minimal example demonstrating the issue, including the configuration and steps to reproduce.

@jbardin jbardin added waiting-response An issue/pull request is waiting for a response from the community waiting for reproduction unable to reproduce issue without further information labels Sep 5, 2024
@jbardin
Copy link
Member

jbardin commented Sep 17, 2024

Since we have not heard back in a while I'm going to close the issue. If you have any updates regarding the issue, feel free to open a new issue with the requested information. If you have more questions, you can also use the community forum where there are more people ready to help.

Thanks!

@jbardin jbardin closed this as not planned Won't fix, can't repro, duplicate, stale Sep 17, 2024
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug new new issue not yet triaged waiting for reproduction unable to reproduce issue without further information waiting-response An issue/pull request is waiting for a response from the community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jbardin @PatriQ1414