Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure Environment Entries from OpsWorks Applications are being displayed on plan #15447

Closed
hc-danieltiziani opened this issue Oct 2, 2020 · 4 comments
Closed

Secure Environment Entries from OpsWorks Applications are being displayed on plan #15447

hc-danieltiziani opened this issue Oct 2, 2020 · 4 comments
Labels
bug Addresses a defect in current functionality. service/opsworks Issues and PRs that pertain to the opsworks service. stale Old or inactive issues managed by automation, if no further action taken these will get closed. upstream-terraform Addresses functionality related to the Terraform core binary.

Comments

@hc-danieltiziani
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.13.4

  • provider registry.terraform.io/hashicorp/aws v3.8.0

Affected Resource(s)

  • aws_opsworks_application

Terraform Configuration Files

resource "aws_opsworks_application" "app" {
  stack_id = var.STACK_ID
  name        = var.APP_NAME
  short_name  = var.APP_SHORT_NAME
  description = var.APP_DESCRIPTION
    type        = "other"

  app_source {
    type = var.APP_SOURCE_TYPE
    url  = var.APP_SOURCE_URL
  }

  domains = []

  environment {
    key    = "KEY_NAME"
    value  = data.aws_ssm_parameter.secret.secret_key.value
    secure = secure
  }
}

Debug Output

Plan Result

resource "aws_opsworks_application" "app" {
      ~ description = ""
        domains     = []
        enable_ssl  = false
        id          = ""
        name        = ""
        short_name  = ""
        stack_id    = ""
        type        = "other"

       environment {
            key    = "KEY_NAME"
            secure = true
            value  = "SECRET VALUE"
        }
}

Expected Behavior

Not display the real value of SECURE Environment entry on the plan

Actual Behavior

Is displaying in plain text the whole value that will be added/updated.
I'm retrieving the value from my Secret Manager and expected for it to not be displayed on the plan IF the secure flag is true for the entry.
@ghost ghost added the service/opsworks Issues and PRs that pertain to the opsworks service. label Oct 2, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Oct 2, 2020
@bflad bflad added bug Addresses a defect in current functionality. upstream-terraform Addresses functionality related to the Terraform core binary. and removed needs-triage Waiting for first response or review from a maintainer. labels Oct 2, 2020
@bflad
Copy link
Contributor

bflad commented Oct 2, 2020

Hi @hc-danieltiziani 👋 Thank you for raising this.

Terraform Providers do not currently have a way through the Terraform Plugin SDK to conditionally signal whether a particular attribute is sensitive to Terraform core. I will need to check upstream in that repository to see if this is already captured as a feature request.

Our only current option would be to always mark value as Sensitive: true in the resource schema, which would always obfuscate the value even for "insecure" values.

@hc-danieltiziani
Copy link
Author

Is this a possibility (marking always as Sensitive?) for all then?
Because I'm storing those in AWS SSM as secure, so it makes sense for me, but just wanted to check this.

Thanks!

@bflad bflad mentioned this issue Apr 9, 2021
Open
@github-actions
Copy link

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Sep 26, 2022
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Oct 27, 2022
@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 27, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/opsworks Issues and PRs that pertain to the opsworks service. stale Old or inactive issues managed by automation, if no further action taken these will get closed. upstream-terraform Addresses functionality related to the Terraform core binary.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bflad @hc-danieltiziani